- A new malware dubbed xHelper has already infected 45,000 devices and might be making its way to Jio users.
- The trojan malware looks to be targeting users in India, the US and Russia.
- xHelper doesn’t show up among listed apps or the launcher, and even if you install it — it will make its way back onto your device.
On some phones, it’s even disguised as ‘Jio’. Sysmatec suspects this because the malware is planning to target Jio users sometime in the future — that’s a pool of nearly 500 million subscribers.
The trojan dubbed xHelper has already infected 45,000 devices. The malware hides in the background, doesn’t show up on the launcher, and even if you uninstall it — it will just reinstall itself and go back into hiding.
The persistent piece of malware is capable of downloading unnecessary apps onto your phone cluttering memory and displaying ads, according to Sysmatec’s analysis.
Malware that can’t be seen and can’t be removed
The
This makes it possible for it to do two things. One, the phone doesn’t list itself as an application, so there’s nothing to uninstall.
Two, there’s no way to launch it manually and open it up. The malware’s launch will only be instigated by external events — this includes acts like putting your phone on charging, or rebooting the device.
Once it’s up and running, the malware runs as a foreground service. So, even when you clear cache as memory runs low — there’s a minimal chance of xHelper being shut down.
Even if it’s somehow stopped, it will restart on its own.
A ray of hope
Of all the samples that Sysmatec analysed, none were from the Google Play Store. The cyber security company believes that there’s a high possibility that xHelper can only make its way onto a phone with something is downloaded from unknown sources.
Sysmatec also observed that the malware is more prevalent on phones from certain brands, but did not disclose which specific smartphones are vulnerable.
xHelper is among Malwarebytes’ ten most detected list. It was added to their list in May 2019, and has since removed the infection from nearly 33,000 devices — and that number continues to rise.
Nobody the malware’s origins or where it’s coming from — just that it’s a growing threat that needs to be averted.
See also:
TCS was hacked for its clients by China’s cyber spy campaign: Report
Malware affecting Jio Apps, WhatsApp, Flipkart and Hotstar ‘primarily targeted’ Indian users through Alibaba’s app store
Here’s why Facebook is suing the NSO Group over the WhatsApp hack