xHelper Trojan Variant Reinstalls Itself After Removal, Infects 45K
In the past 6 months, an Android Trojan called xHelper has infected over 45,000 devices, mostly in the US, India and Russia. The number of infected devices is still growing every day. Symantec warns that xHelper seems to be virtually impossible to remove, since even factory resets do not get rid of the infection. The malware just reinstalls itself after every reset.
The malicious behavior of xHelper includes displaying pop-up adds and connecting with a command and control (C&C) server in order to download additional malware on infected devices, including droppers, clickers, and rootkits. The researchers “believe the pool of malware stored on the C&C server to be vast and varied in functionality, giving the attacker multiple options, including data theft or even complete takeover of the device.”