A malware You usually end up uninstalling it through an antivirus or by directly finding the files manually. In the worst case, you erase the entire PC or phone by restoring it from the factory to make sure everything has been deleted. Or not, because there are some malwares that seem persist and install alone again even when restoring the entire device. This is what is happening with the xHelper Trojan on Android phones and security experts do not yet know how to get it.
According to one Malwarebytes investigation, a virus called xHelper that was discovered already last year, is getting not to die on the devices it infects even when they are factory reset. It's about a malware relatively small, according to analysts they have only detected it in around 33,000 devices and mainly in the United States. Its purpose is serve as a Trojan to execute commands from outside remotely on the device and thus install for example unauthorized applications. The permissions that a malware gets on a phone They can be as varied.
But despite how little it has spread (or that we know it has spread), it is certainly a malware to consider for its ability to resist being eliminated. Basically every time the user removes the malware East appears again an hour later in the same directory of the file system. In fact, even after erasing the entire phone and restoring it from scratch is it possible to get rid of the Trojan.
The toughest smartphone virus known
This is what researchers have described, as the malware tougher than they have seen on a mobile. They discovered that the source of the reinfections was a series of folders that when you turned on the mobile installed the xHelper APK. These folders are removed and prevented from reinstalling xHelper, right? No. To the surprise of the researchers, the folders were not deleted either manually or after deleting the entire Android phone.
They say from Malwarebytes that have not yet been able to know how exactly xHelper remains on the phone after deleting the entire system. At first they believed that it implied to the phone that they were inside a microSD so that the phone would not delete the files, but they discarded this idea since it also happened in phones without microSD. The only thing they know for sure at the moment is that in some way the malware persists thanks to Google Play.
The temporary solution they have found is deactivate the Google Play Store app from the system settings and then delete the xHelper folders manually from the file system. Most Android-based viruses accompany an app that has been installed by the user and thus enter the phone. But Malwarebytes has found that somehow the xHelper Trojan is being implemented from the Play Store itself.
Android uses some permanent folders in the system They are not removed when reinstalling the operating system. These folders contain files to execute the basic functions of the phone. In principle no one should have access to these folders beyond Google and Android itself, but it seems that they can be manipulated.
Via | Malwarebytes