Xhelper Android malware identified by Symantec, still persistent

Spread the love

Who doesn’t hate malware? We really don’t like it when viruses are discovered but we’re grateful they’re found right away. At least, affected Android phone owners can do the necessary solution or cleaning to their devices. Whether you admit it or not, the Android platform isn’t really safe and secure all the time. Google devs have been working on the mobile OS for years and it’s a good thing there have been improvements so far. The tech giant may have plenty of security checks available, most of them automated, but some threats and malware can still get through.

There is no perfect mobile platform but Android has a long way to go especially now that many developers and research firms have been discovering whatever is wrong on the system. The latest malware discovered by Symantec is the Xhelper. What it does is different. Affected mobile apps are traced to sources outside of the Google Play Store. Most of them are unofficial so we don’t really know how safe or unsafe they are.

Symantec is saying the malware is dangerous. It must be checked because if not detected, it can be really dangerous. It’s actually an old malware, having been detected back in March 2019. It was only showing unwanted apps. Interestingly and unknowingly to some affected users, the malware has evolved.

Symantec says the strategy is now more sophisticated. Apps don’t really contain the issue but they come with encrypted functions that communicated with a remote C&C server. That’s the usual behavior of new malware these days–contact an outside server to do things to a phone. It’s actually smart because it makes use of an SSL feature to mask any communication with a server or any download being done.

The malware is challenging to detect. It’s also said to be very persistent. What it does is listen to events, running in the foreground. It evades detection by preventing any memory manager to kill it. Making it a worse malware is the fact it can also survive factory resets and reboots.

So far, Symantec has detected 45,000 infections. That’s not a lot compared to some millions other malware has hit but it really is dangerous.

Leave a Reply