Malwarebytes has identified a new malware strain that has affected 45,000 Android devices to date.

According to security researchers, this malware has one of the most efficient methods to disguise itself and evade any kind of antivirus.

Spread By Websites That Allow Sideloading of Apps

Symantec revealed that Android malware is pushed by websites that allow users to sideload apps on their devices.

Once a user installs an app from a third-party website, xHelper trojan is installed on the target’s smartphone.

After the installation, the trojan works by displaying frequent popups and notifications.

As per the studies conducted by both Symantec and Malwarebytes, xHelper malware does not conduct any malicious activity that could lead to the loss of your personal data.

It encourages users to play online games and download other apps.

The group behind the malware earns money through the clicks on advertisements and the installation of apps.

Cannot Be Removed Even After Factory Reset

One of the most intriguing thing about this malware is that bad actors behind it have ensured that it is nearly impossible to remove the malware from a smartphone.

It uses encryption to obscure itself.

According to Malwarebytes, xHelper app comes in two variants — semi-stealth and full-stealth.

In both the variants, no app icon is created which makes it even more difficult to spot it by normal users.

No icon or shortcut means that you cannot uninstall the app causing the frequent notifications.

The only way to notice the malware is a notification icon that appears when the app is working in the semi-stealth mode.

The full stealth mode doesn’t even show the notification which is the only means to spot it in your device.

xHelper has been coded to run automatically when certain actions like device boot up, network connection are evoked.

Once it starts operating as the foreground service, the malware cannot be removed even if you remove the app that bundled the xHelper trojan.

Researchers at Symantec haven’t yet figured out how the malware manages to remain on the device even after a factory reset or a user decides to manually stop the service.

Avoid Sideloading apps

Since there is no method to remove the malware once it has affected your device, it is better to avoid websites that allow sideloading of apps.

Also, keep an eye on the links you are redirected to while surfing the internet.

Refrain from clicking on fishy popups to keep your device safe.


To be aware of any malware on your Android device by using a real Anti-Malware app that really works.

Remember to share this article with your friends, and on your preferred social networks.

Thanks for reading.


Source: FossBytes


Jonathan Terreo

Jonathan is a Software/Web Developer that loves blogging in the free time. He loves to upload quality content to his websites. He is a WordPress/SEO expert due to his experience.

eget ipsum mi, amet, pulvinar sem, Curabitur suscipit id diam eleifend odio