8/25/2023

Google chrome helper malware

Users have also reported that xHelper is so resilient that it survives factory resets. It has been affecting mostly users in Russia (80.56%), India (3.43%) and Algeria (2.43%), annoying them by downloading and installing adware from third-party apps and showing irritating ads and popups. Kaspersky’s Igor Golovin describes the malware as a matryoshka-style scheme, a “Russian nesting doll” using a multi-stage infection process, which “disguises itself as a popular cleaner and speed-up app” on Android smartphones.

Figure 2. xHelper’s manifest code showing the events that will trigger the malware - Symantec Enterprise Blogs Threat Intelligence

How does xHelper work?

Therefore, there are still a lot of unknowns with the xHelper variants. It has, in fact, changed over time, and its functionality has also expanded dramatically most recently. They also mention that xHelper’s code is not static.

Figure 1. The xHelper code used to remove app from application launcher (top) and list app in launcher (bottom) - Symantec Enterprise Blogs Threat Intelligence

According to May Ying Tee and Tommy Dong, Software Engineers of Symantec’s Security Technology and Response team, xHelper’s application component has not only puzzled researchers by being able to hide and not appear on the system’s launcher, but also, “the malicious app is launched by external events, such as when the compromised device is connected to or disconnected from a power supply, the device is rebooted, or an app is installed or uninstalled.” This malware, in fact, is designed to stay hidden by not appearing on the system’s launcher.

Working in the background, xHelper is also able to hide almost all traces of its existence. It is a stealth version because, on install, no icons are created in notifications; the only evidence of its presence is a simple xHelper listing in the app info section.
This is considered more dangerous, as it can not only infect Android devices with more malicious threats but also compromise the settings of the infected device. There is also another version, a stealthier variant of the malware. These are all examples of the semi-stealthy xHelper version, which, upon installation, creates an icon in notifications that is titled “xhelper.” “The malware sits silently on the device and waits for commands from the attackers.” It also “modifies a system library (libc.so) intending to prevent infected users from re-mounting system partition in the write mode.”

Also annoying are the intrusive pop-ups or notification spam, and redirects showing advertisements or promotions of other sites and services that generate pay-per-click revenue.

Users can even perform factory resets, and the malware soon shows up again and continues to thrive on their mobile devices. One of the peculiarities of xHelper is its resistance to any form of detection and deletion. That number has since continued to rise by the hundreds daily, with this malware still showing up strong in 2020. It quickly infected over 45,000 devices during a six-month period in 2019. xHelper is among the family of trojan droppers that delivers malware on mobile devices.
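A defender-side triage sketch for the trigger events quoted above (an added example, not code from Symantec, Kaspersky or this page): it reads a decoded AndroidManifest.xml, lists receivers registered for power, reboot and package events, and reports whether a launcher entry is declared. The mapping of the quoted events to Android broadcast actions, the `review` threshold, the helper names and both sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
NS = "{http://schemas.android.com/apk/res/android}"
A = "android.intent.action."
# Assumed mapping of the article's trigger events to Android broadcast actions.
TRIGGERS = {
    A + "ACTION_POWER_CONNECTED": "power connected",
    A + "ACTION_POWER_DISCONNECTED": "power disconnected",
    A + "BOOT_COMPLETED": "reboot",
    A + "PACKAGE_ADDED": "app installed",
    A + "PACKAGE_REMOVED": "app uninstalled",
}

def names(node, tag):  # android:name of every <tag> element under node
    return {e.get(NS + "name") for e in node.iter(tag)}

def triage(manifest_xml):
    """Report launcher visibility and event-triggered receivers."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    comps = lambda tag: [] if app is None else app.findall(tag)
    hits = {}
    for r in comps("receiver"):
        for action in names(r, "action") & TRIGGERS.keys():
            hits.setdefault(TRIGGERS[action], set()).add(r.get(NS + "name"))
    launcher = any(
        A + "MAIN" in names(f, "action")
        and "android.intent.category.LAUNCHER" in names(f, "category")
        for tag in ("activity", "activity-alias")
        for c in comps(tag) for f in c.findall("intent-filter"))
    # Manifest-only view: an icon hidden at runtime still shows as declared.
    return {"package": root.get("package"), "launcher_declared": launcher,
            "triggers": {k: sorted(v) for k, v in hits.items()},
            "review": not launcher and len(hits) >= 2}  # threshold is an assumption

# Constructed sample manifests (decoded XML), not taken from any real app.
WRAP = ('<manifest xmlns:android="' + NS[1:-1] + '" package="{}">'
        '<application>{}</application></manifest>')
def rcv(name, *actions):
    acts = "".join(f'<action android:name="{A}{a}"/>' for a in actions)
    return f'<receiver android:name="{name}"><intent-filter>{acts}</intent-filter></receiver>'
HIDDEN = WRAP.format("com.example.cleaner",
    rcv(".Wake", "BOOT_COMPLETED", "ACTION_POWER_CONNECTED")
    + rcv(".Pkg", "PACKAGE_ADDED", "PACKAGE_REMOVED"))
NORMAL = WRAP.format("com.example.notes",
    f'<activity android:name=".Main"><intent-filter><action android:name="{A}MAIN"/>'
    '<category android:name="android.intent.category.LAUNCHER"/>'
    '</intent-filter></activity>' + rcv(".Boot", "BOOT_COMPLETED"))
if __name__ == "__main__":
    for m in (HIDDEN, NORMAL):
        print(triage(m))
```

Because the article describes the launcher entry being removed by code, a `launcher_declared` value of true does not rule out a hidden icon; the trigger list is the part that holds up either way.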