Skip to main content
  1. Home
  2. Phones
  3. Android
  4. Mobile
  5. News

Android malware keeps returning even after factory reset through Google Play

By
 

Cybersecurity firm Malwarebytes revealed a form of Android malware that keeps returning even after performing a factory reset on a smartphone.

Recommended Videos

Malwarebytes discovered the Android trojan named the xHelper in May 2019. The malware is capable of installing itself on an Android device without notifying the owner, then receives remote commands and downloads additional malware into the infected smartphone or tablet.

Unfortunately, it appears that xHelper is still evolving. Amelia, an Android device owner, reached out to the Malwarebytes support forum to seek help for a curious case.

Amelia was able to remove two variants of xHelper and a trojan agent from her Android device through Malwarebytes’ app. However, xHelper kept coming back less than an hour after it was removed, even after Amelia performed a factory reset on her phone.

In Malwarebytes’ investigation, the first suspect for the returning xHelper was pre-installed malware, which was a possibility because Amelia’s phone was made by an unnamed, lesser-known manufacturer. However, after Amelia was guided through the process of checking if this was the case, xHelper did not go away.

Malwarebytes then noticed that the source of installation for xHelper was Google Play. When the service was deactivated, the re-infections of the malware stopped.

The firm determined that Google Play itself was not infected with malware, but it was triggering the re-installation of xHelper. They then discovered an Android application package hidden inside the phone’s files that serves as a trojan dropper. Directories and files, including the APK, remain on an Android device even after a factory reset, unlike apps, which is how xHelper keeps infecting the phone. The method for installing the APK through something triggered by Google Play, however, is still under investigation.

Malwarebytes, which detailed a step-by-step guide for removing xHelper malware, tagged Amelia’s case as a “new era in mobile malware,” as a factory reset is usually the last, but effective, option in cleaning an infected device. Fortunately, Amelia “was as persistent as xHelper itself” in searching for the truth behind the case.

Hackers are continuously evolving, taking advantage of technology and current events for their attacks. As always, people should remain vigilant against cybersecurity threats and are recommended to reach out to experts for any suspected security risks.

Aaron Mamiit
Aaron Mamiit
Former Contributor
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
Topics
Apple’s next iPad mini could take a big leap in performance and visual experience
Apple's smallest tablet may be on track for its most significant leap yet, combining a next-generation A20 Pro chip with an OLED display.
Person holding the iPad Mini 7.

Apple's next iPad mini could be significantly more powerful than its predecessor, says a MacRumors report. The publication claims that the purported iPad mini could feature Apple's A20 Pro chip, and if you haven't heard its name yet, that's because it is supposed to launch alongside the iPhone 18 Pro models in 2026.

Not too long ago, rumors claimed that the eighth-generation iPad mini will feature the A19 Pro chip, the one powering the iPhone 17 Pro models. While that would also have provided a considerable performance boost over the A17 Pro chip in the current-generation iPad mini, the A20 Pro could be a monumental jump for the iPad mini, giving it enough headroom for several years.

Read more
Instacart may have charged you more for the same groceries and it’s just another case of AI hell
Instacart

A new investigation by Consumer Reports, in collaboration with Groundwork Collaborative and More Perfect Union, suggests that Instacart’s use of artificial intelligence in pricing experiments may have resulted in shoppers paying different amounts for the same groceries.

The findings point to a system where prices can quietly vary between users, even when orders are placed at the same retailer, at the same time, and for identical products. The study tracked over 400 Instacart users across four major U.S. cities and found that the price tag on a carton of eggs or a bag of chips often depended on who was holding the phone.

Read more
Your Pixel could soon get better at avoiding accidental pocket dials
Google appears to have finally addressed an issue that has frustrated Pixel users for years.
Rear shell of Google Pixel 10 Pro.

Google is finally addressing a long-standing issue that has frustrated Pixel users for several years. The company recently marked the accidental touch prevention problem that has been around since the Pixel 6 days as "fixed" in its public bug tracker, indicating that a solution is on the way.

Pixel phone users have long dealt with accidental actions, like unintended calls, apps opening on their own, and the flashlight turning on while the device sits in their pocket. While brands like Samsung and OnePlus offer a built-in accidental touch protection feature that uses the proximity sensor to disable touch input when the device is in a pocket or bag, Google has yet to offer a comparable solution on its Pixel lineup.

Read more