Symantec has observed a surge in detections for a malicious Android application that can hide itself from users, download additional malicious apps, and display advertisements. The app, called Xhelper, is persistent. It is able reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher. The app has infected over 45,000 devices in the past six months.
Symantec have seen many users posting about Xhelper on online forums, complaining about random pop-up advertisements and how the malware keeps showing up even after they have manually uninstalled it.
Xhelper infections
According to their telemetry, at least 45,000 devices have been impacted by the Xhelper malware. In the past month alone, there was an average of 131 devices infected each day, and an average of 2,400 devices persistently infected throughout the month. The malware mostly affects users in India, the U.S. and Russia. However, it can spread very easily.
Protection/Mitigation
Symantec and Norton products detect these malicious apps as the following:
• Android.Malapp
We advise users to take the following precautions:
• Keep your software up to date.
• Do not download apps from unfamiliar sites.
• Only install apps from trusted sources.
• Pay close attention to the permissions requested by apps.
• Install a suitable mobile security app, such as Norton or Symantec Endpoint Protection Mobile, to protect your device and data.
• Make frequent backups of important data.
To read the full report please visit https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware.