Android users have been given a warning about an ‘extremely dangerous’ Google phone app
Android fans have been put on alert about an “unkillable” malware strain which can live on your Google phone forever. Android is one of the most used pieces of software in the world, with over 2.5billion active devices installed with the Google mobile OS. To put that in perspective, that’s equivalent to a third of the world’s population – underlining how widely used Android is.
But the hugely popular Google mobile OS is no stranger to security alerts, with Android fans on a regular basis being put on guard about threats.
Just earlier this week Android fans were told to immediately delete an app found on the Google Play Store downloaded over 100million times.
While recently Android users were told to stay away from an app that poses as a way to help you stay informed during the coronavirus pandemic.
Instead of being a helpful tool, upon installation the nefarious app locked devices and demanded a ransom of up to $ 250 to keep users’ data safe.
And now Android fans are being warned once again about a dangerous app for Google smartphones.
Kaspersky Labs discovered the xHelper malware on programmes found on unofficial app marketplaces.
The malware is downloaded under the guise of a “cleaner” app for Android devices.
But once installed it disappears and can nowhere be found on the home screen or in the programme menu.
The only way you can find the nefarious app is by inspecting the list of installed apps in the Android system settings.
In a post online Kaspersky Labs outlined the threat that the malware poses, analysing the Trojan-Dropper.AndroidOS.Helper.h sample.
Security experts have given a warning about the xHelper malware loaded on some Android apps
Igor Golovin described the Android malware as “extremely dangerous”, capable of accessing all app data after installing a backdoor.
The security expert also outlined how the nefarious malware is capable of reinstalling itself when a user tries to delete it.
Golovin explained: “Simply removing xHelper does not entirely disinfect the system.
“The programme com.diag.patches.vm8u, installed in the system partition, reinstalls xHelper and other malware at the first opportunity.”
“The malware analyst went onto add: But if you have Recovery mode set up on your Android smartphone, you can try to extract the libc.so file from the original firmware and replace the infected one with it, before removing all malware from the system partition.
“However, it’s simpler and more reliable to completely reflash the phone.
“Bear in mind too that the firmware of smartphones attacked by xHelper sometimes contains preinstalled malware that independently downloads and installs programs (including xHelper).
“In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.
“If you do use a different firmware, remember that some of the device’s components might not operate properly.”
The xHelper malware threat underlines the danger of using unofficial app marketplaces and the importance of having good Android antivirus software.
Summing up, Golovin said: “In any event, using a smartphone infected with xHelper is extremely dangerous.
“The malware installs a backdoor with the ability to execute commands as a superuser.
“It provides the attackers with full access to all app data and can be used by other malware too, for example, CookieThief.”