The uncrackable Android trojan: What is xHelper?

2 min read
Osman

I like to think about the impact that the internet has on humanity. In my free time, I'm wolfing down pasta.

The Android logo, but it's red and has evil eyes.

We’ve advised our readers to stay safe from malware and trojans by keeping their devices updated at all times, but a new strain caught in the wild is seemingly impenetrable to every cybersecurity best practice.

Amusingly named xHelper, the Android trojan affected over 45,000 devices by November 2019, with an average of 131 new daily victims. The primary source of infections was via third-party sites and apps downloaded from outside the Play Store.

[Want more Android security news? Sign up for the ExpressVPN newsletter.]

Most of its victims have been in India, the US, and Russia.

xHelper stubbornly refuses to go away even after you perform a factory data reset. So you can wipe your phone clean, delete all your data, re-install Android, and it’ll still be lying in wait disguised in some dark corner of your device.

The good news (if you can call it that) is xHelper limits itself to site redirects, popup ads, and other spammy notifications. It’s not going to try and extort money out of you (like classic ransomware), nor attempt to steal your data. XHelper developers are making cash, though, mainly through redirects that try to get you to install other apps.

Should I be scared of xHelper?

Absolutely! Who likes malicious programs on their device? To complicate matters, it appears that xHelper possesses capabilities of a far more destructive nature than what it’s currently revealing.

At the moment, all the trojan does is spam your device and monetize the successful intrusion. However, Symantec and Malwarebytes warn that xHelper can forcefully download and install other apps without any warning.

Hence, it’s possible that Xhelper could morph into something far more discomforting such as a DDoS bot or ransomware.

Malwarebytes claims its app is now updated to recognize, respond, and eliminate xHelper, though we haven’t independently verified this.

Remember, always adhere to security best practices

With 350,000 new malware programs released every day, it’s possible that, like xHelper, a few will slip through the cracks.

However, as we noted earlier, most xHelper victims fell prey to the program through third-party sites and app downloads outside of the Play Store. That’s a glaring security miss and one that should be avoided at all costs.

Unfortunately, the Google Play store isn’t known for its stellar security protocols, so that doesn’t make your life easier. In October, researchers discovered that the store hosted 172 malicious apps with over 335 million installs to date. So, you might want to take it a step further and only install apps with plenty of reviews and downloads, so you know they don’t contain malware.

I like to think about the impact that the internet has on humanity. In my free time, I'm wolfing down pasta.