A new malware by the name of xHelper has been spotted by antivirus companies which apparently comes with a self-reinstall mechanism making it almost impossible to remove from Android devices. The malware is said to have infected 45,000 phones. According to Symantec, 131 new phones are infected each day, with 2,400 phones being infected each month.
According to a report, the malware allows for popup advertisements on devices along with notification spams. These popup ads generate revenue for the people behind the exploit. Further, the malware-infected phone users are asked to download applications from the Google Play Store. Once the app is installed on the phone, xHelper makes money in form of pay-per-installation commissions.
However, it seems that the malware does not carry out destructive operations and according to reports by Malwarebytes and Symantec, it is just restricted to intrusive popup adverts and notification spam. Furthermore, removing the xhelper service from the Android operating system too does not seem to work as the trojan re-installs itself every time, even after users have performed a factory reset!
What needs to be paid heed to, however, is the fact that both Symantec and Malwarebytes have warned users that while the trojan is currently restricted to spamming and ad revenue, it can download and install other apps, which could deploy second stage malware payloads that could steal banking passwords and other personal information.