It has often been suggested that downloading apps from third-party app stores involves a considerable amount of risk, and malware is one of the biggest headaches. Now, again, consider yourselves warned: there is an Android malware doing the rounds that is pretty much un-killable. That means it cannot be deleted, erased or eliminated even if you restore your phone. The xHelper Trojan for Android phones takes inspiration from the Russian matryoshka doll and deploys a series of malicious programs that are stored sequentially, in a way that other programs don’t have access to them.
The way the xHelper malware works has been detailed by Kaspersky researcher Igor Golovin, who makes it clear that once this malware gets into your phone, there is absolutely no way to remove it, even if you restore the phone to factory settings. “The malware disguises itself as a popular cleaner and speed-up app for smartphones, but in reality there is nothing useful about it: after installation, the “cleaner” simply disappears and is nowhere to be seen either on the main screen or in the program menu. You can see it only by inspecting the list of installed apps in the system settings,” says Golovin, describing how this malware works. “Malicious files are stored sequentially in the app’s data folder, which other programs do not have access to. This matryoshka-style scheme allows the malware authors to obscure the trail and use malicious modules that are known to security solutions,” he adds.
You should be particularly worried if you use a smartphone made by a Chinese phone maker, because Kaspersky research suggests that xHelper gets root access on these phones when they run Android 6 and Android 7. This allows it to install malicious files directly on the system partition.
Once this malware is installed on the phone, it gives xHelper’s handlers full access to all apps and data on your Android phone, as well as the ability to execute tasks. Resetting the phone to factory settings wouldn’t really help, because the files in the system partition remain and can independently download a malicious program again. A common way this malware arrives on phones is via apps downloaded from unofficial sources, that is, from app stores other than the Google Play Store. “In any event, using a smartphone infected with xHelper is extremely dangerous,” says Golovin.