It has been a while since we last talked about xHelper, a piece of Android malware that became notorious because, in essence, it was impossible to remove. For reasons that were unknown at the time, the malware managed to survive on the phone even after a factory reset had wiped all of the user's data.
After several months of work, Kaspersky's researchers have finally worked out how this malware works and how it manages to survive hidden on the phone, reinstalling itself automatically after all the data stored on the device has been deleted.
How xHelper, the "impossible to get rid of" malware, works
As the researchers discovered, the malware had a far more elaborate mechanism than was originally thought. It was distributed as a supposed "cleaner" tool meant to delete unnecessary or old files from the phone's internal storage, and it targeted Android devices running versions between 6.0 Marshmallow and 7.0 Nougat, which a good number of Android users still run today.
Once it had obtained elevated privileges on the system, the malware installed itself. Its distinguishing feature is that it installs into the system partition, so the user cannot easily remove it.
To install on that partition once elevated permissions had been obtained, the malware remounted the system partition in write mode. By default that partition is mounted read-only, precisely to prevent this kind of security problem. The malware's files were then given the immutable attribute, which blocks their deletion even by a user with root permissions.
Fortunately, it is possible to remove xHelper
Despite the sophisticated strategy xHelper uses to install itself and persist, the researchers found a relatively simple way to remove the malware from affected devices.
According to the report published by Kaspersky, removing the xHelper app does not rid the system of it completely, because the component lodged in the system partition is able to reinstall the malware after the user data partition has been formatted.
To eliminate it completely, it is necessary to boot the device into recovery mode and, from there, take the libc.so file from the device's original firmware and use it to replace the infected copy currently sitting in the phone's system partition.
However, this solution does not work on devices whose factory firmware was found to ship with the malware already included (mostly from Chinese manufacturers), because the "original" file will itself carry the malicious code. In that case, the researchers recommend switching to non-stock firmware, such as a third-party ROM compatible with the device.
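The three things the article describes (a system partition remounted read-write, files marked immutable, and a replaced libc.so) are all things a defender can check for from a root shell or recovery. The script below is an added example written for this page, not code from Kaspersky's report or from Andro4all; it assumes /proc/mounts and lsattr output in the usual Linux format, and the sample lines and digest comparison are constructed inline so it runs offline.

```sh
#!/bin/sh
# Added audit helpers for the persistence tricks described above.
# Assumptions: /proc/mounts has the standard "device mountpoint fstype options ..." layout,
# lsattr prints "<flags> <path>", and sha256sum is available (toybox on Android, coreutils elsewhere).

# Constructed sample of /proc/mounts lines (not taken from a real device).
SAMPLE_MOUNTS='/dev/block/bootdevice/by-name/system /system ext4 rw,seclabel,relatime 0 0
/dev/block/bootdevice/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0'

# Constructed sample of lsattr output; an "i" in the flag column means immutable.
SAMPLE_LSATTR='----i--------e-- /system/lib/libc.so
-------------e-- /system/lib/libm.so
----i--------e-- /system/app/Example/Example.apk'

# mount_mode: print "rw" or "ro" for the given mount point, reading /proc/mounts-style lines on stdin.
# A /system that is "rw" at runtime is the remount the article describes.
mount_mode() {
  awk -v mp="$1" '$2 == mp { split($4, o, ","); print o[1]; exit }'
}

# immutable_files: print the paths whose lsattr flags contain the immutable bit,
# reading lsattr output on stdin.
immutable_files() {
  awk '{ if (index($1, "i") > 0) print $2 }'
}

# file_matches_reference: succeed if the SHA-256 of file $1 equals digest $2
# (the digest would come from the clean firmware image; here it is constructed in the demo).
file_matches_reference() {
  actual=$(sha256sum "$1" | awk '{ print $1 }')
  [ "$actual" = "$2" ]
}

# Stand-alone demonstration on the constructed samples.
demo() {
  printf 'System partition mount mode: %s\n' "$(printf '%s\n' "$SAMPLE_MOUNTS" | mount_mode /system)"
  printf 'Immutable files:\n'
  printf '%s\n' "$SAMPLE_LSATTR" | immutable_files

  # Constructed stand-in for libc.so and for the reference digest from clean firmware.
  tmp=$(mktemp)
  printf 'clean libc stand-in\n' > "$tmp"
  ref=$(sha256sum "$tmp" | awk '{ print $1 }')
  if file_matches_reference "$tmp" "$ref"; then
    echo "libc.so matches the firmware reference"
  else
    echo "libc.so differs from the firmware reference: replace it from recovery"
  fi
  rm -f "$tmp"
}

demo
```

On a real device the same helpers would be fed with `cat /proc/mounts`, `lsattr -R /system/lib /system/app`, and a digest computed from the libc.so extracted out of the firmware image, which is exactly the comparison the removal procedure above relies on.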
About Christian Collado
Growth Editor at Andro4all, specializing in SEO. I am studying software development and have been writing about technology, especially the Android world and everything related to Google, since 2016. You can follow me on Twitter, email me if you have something to tell me, or contact me via my LinkedIn profile.