
Cybersecurity Firm Discovers Persistent Malware

Cybersecurity continues to be an issue for many technology users. Even though Google, with all its teams of experts, actively does its part to get rid of malicious apps, some still manage to get through. Once they do, they are able to log into personal accounts and spread malware. Some even manage to change the configuration of the device.

Just recently, cybersecurity company Malwarebytes discovered a new piece of malware that it describes as the most persistent Android malware it has ever encountered. The malware, called xHelper, is a trojan dropper that installs itself on an Android device invisibly. Once installed, it can download additional malware and display ads on the device.

Unfortunately, the newly discovered malware stays on the device even after a factory reset. The cybersecurity company found that after the reset, the malware manages to reinstall itself.

The company looked for ways to fix the issue. One discovery it made was that the installation comes directly from Google Play. This meant that the malware was able to reinstall itself by triggering Google Play. However, this doesn't imply that Google Play is infected. It's possible that the malware is using Google Play as a smokescreen to conceal its real source.

The app has been targeting US and Russian users since it was released in May 2019. It has already infected more than 45,000 devices.

To protect your device, Malwarebytes has shared the following steps:

  • Install the free Malwarebytes Android app to detect the virus.
  • Install a file manager.
  • Disable Google Play temporarily.
  • Open the Malwarebytes app and run a scan to remove xHelper and other malware. You can also do a manual search for xhelper, fireway, and Settings (only if there are two Settings apps displayed).
  • Open the file manager app. Look for any file that starts with com.mufc.
  • If you find any such file, look at its last modified date.
  • Delete anything that starts with com.mufc and everything from the same date (excluding core directories).
  • Re-enable Google Play.

Malwarebytes says this should fix the problem. But if you see that the problem persists after the process, you can get in touch with their support team for assistance.
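The file manager steps above (find entries starting with com.mufc, check their last modified date, then review everything else from the same date) can be scripted against a copy of the device's storage. The following is an added example, not code from Malwarebytes or the original article; it only reports and deletes nothing, it inspects only the top level of the folder it is given, and the core directory list and sample names are assumptions.

```python
import os
import tempfile
from datetime import date, datetime

PREFIX = "com.mufc"  # prefix named in the removal steps
# Assumption: the article does not list the "core directories"; this set is illustrative.
CORE_DIRS = {"Android", "DCIM", "Download", "Pictures", "Music", "Movies", "Documents"}


def modified_date(path):
    """Calendar date (local time) of the entry's last modification."""
    return date.fromtimestamp(os.stat(path).st_mtime)


def triage(root):
    """Return (prefix_hits, same_date_entries) for the top level of root."""
    names = sorted(os.listdir(root))
    hits = [n for n in names if n.startswith(PREFIX)]
    hit_dates = {modified_date(os.path.join(root, n)) for n in hits}
    same_date = [
        n for n in names
        if n not in hits and n not in CORE_DIRS
        and modified_date(os.path.join(root, n)) in hit_dates
    ]
    return hits, same_date


def build_sample(root):
    """Constructed sample tree; names and dates are made up for the demo."""
    infected = datetime(2019, 10, 1, 12, 0).timestamp()
    older = datetime(2019, 6, 15, 12, 0).timestamp()
    layout = {"com.mufc.example": infected, "lib_cache": infected,
              "Download": infected, "notes": older}
    for name, mtime in layout.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.utime(path, (mtime, mtime))  # set the last modified time explicitly


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        hits, same_date = triage(root)
        print("prefix matches:", hits)
        print("same modified date, review before deleting:", same_date)
```

Entries in the second list share a date with a com.mufc match but are not necessarily malicious, so each one should be reviewed before it is removed.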

Source: PhoneArena 

