Original Release Date: 4/17/2020
Security researchers have identified additional concerns regarding a malware cocktail known as xHelper that targets Android users. Though this ‘unkillable’ malware was discovered last year, it is far more malevolent than originally believed. xHelper disguises itself as a popular cleaning application (app) that claims to speed up performance; however, after installation, the app extracts an encrypted payload containing identifying information of the targeted device and sends it to the attacker-controlled remote web server. Another payload is then executed that attempts to gain administrative access to the device, and a backdoor is installed that can execute commands to give full access to all apps and stored data on the device. Additional malware is installed to remove root access control apps, and the malware re-installs itself if xHelper is deleted or the device is factory reset.
The NJCCIC recommends that affected Android users re-flash devices with firmware available from the vendor’s official website or consider installing a new Android ROM. Android users may choose to download an anti-virus/anti-malware app for additional security and are encouraged to make frequent backups of important data. Additionally, users are reminded to download apps only from the official Google Play store and to avoid third-party app stores. Further details can be found in the Android Headlines article.