printer friendly version

The Trojan that’s nearly impossible to remove

Last year, a particularly indelible malware was discovered attacking Android-based devices: the now infamous xHelper Trojan, which is nearly impossible to remove from a device. As of March 2020, the xHelper has infected over 55 000 phones around the world, and the attacks continue.

After xHelper is installed, it runs a series of downloads of other malicious files, including one known as Triada, which provides root access on the device. This is what makes xHelper particularly difficult to remove; the malware module installed in the system folder simply reinstalls the deleted applications. In addition, all the files copied to the phone’s folders by the malware are designated ‘immutable’, meaning not even super-users can delete them.

“xHelper is particularly dangerous because it creates a backdoor that the attackers can use to execute commands as if they’re a super-user, as well as gain access to all app data. A similar backdoor can then be used by other malware, like CookieThief, to attack the same device. Since xHelper is nearly impossible to remove, it’s important that Android users stay vigilant about what they’re downloading on their phone and always use strong mobile security software. The good news: if you are downloading apps from official stores, chances of encountering this malware are very low,” says Igor Golovin, malware analyst at Kaspersky.

Kaspersky solutions successfully block the threat.

To protect yourself from xHelper and other Android malware, Kaspersky experts recommend:

• Only download applications from trusted sources, like official marketplaces.

• Install an antivirus solution on your phone, like Kaspersky Antivirus & Security for Android.

Share this article:

Further reading: