How to stay safe from xHelper, the Trojan that’s nearly impossible to remove

Last year, a particularly indelible piece of malware was discovered attacking Android-based devices: the now-infamous xHelper Trojan, which is nearly impossible to remove from a device. As of March 2020, xHelper has infected over 55,000 phones around the world, and the attacks continue.

After xHelper is installed, it runs a series of downloads of other malicious files, including one known as Triada, which provides root access on the device. This is what makes xHelper particularly difficult to remove; the malware module installed in the system folder simply reinstalls the deleted applications. In addition, all the files copied to the phone’s folders by the malware are designated “immutable”, meaning not even superusers can delete them.

“xHelper is particularly dangerous because it creates a backdoor that the attackers can use to execute commands as if they’re a superuser, as well as gain access to all app data. A similar backdoor can then be used by other malware, like CookieThief, to attack the same device. Since xHelper is nearly impossible to remove, it’s important that Android users stay vigilant about what they’re downloading on their phone and always use a strong mobile security software. The good news – if you are downloading apps from official stores, chances of encountering this malware are very, very low,” says Igor Golovin, malware analyst at Kaspersky.

Kaspersky solutions successfully block the threat.

To protect yourself from xHelper and other Android malware, Kaspersky experts recommend:

