Android malware keeps returning even after factory reset through Google Play

Cybersecurity firm Malwarebytes revealed a form of Android malware that keeps returning even after performing a factory reset on a smartphone.

Malwarebytes discovered the Android trojan named xHelper in May 2019. The malware can install itself on an Android device without notifying the owner, after which it receives remote commands and downloads additional malware onto the infected smartphone or tablet.

Unfortunately, it appears that xHelper is still evolving. Amelia, an Android device owner, reached out to the Malwarebytes support forum to seek help for a curious case.

Amelia was able to remove two variants of xHelper and a trojan agent from her Android device through Malwarebytes’ app. However, xHelper kept coming back less than an hour after it was removed, even after Amelia performed a factory reset on her phone.

In Malwarebytes’ investigation, the first suspect for the returning xHelper was pre-installed malware, a possibility because Amelia’s phone was made by an unnamed, lesser-known manufacturer. However, even after Amelia was guided through the process of checking whether this was the case, xHelper did not go away.

Malwarebytes then noticed that the source of installation for xHelper was Google Play. When the service was deactivated, the re-infections stopped.

The firm determined that Google Play itself was not infected with malware, but that it was triggering the re-installation of xHelper. They then discovered an Android application package (APK) hidden inside the phone’s files that serves as a trojan dropper. Unlike apps, directories and files, including the APK, remain on an Android device even after a factory reset, which is how xHelper keeps re-infecting the phone. The method by which something triggered by Google Play installs the APK, however, is still under investigation.
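Because the dropper described above is an APK sitting among ordinary files, one defensive check is to look for APK content in a copy of the device's storage regardless of file name. The following is an added example, not Malwarebytes' procedure or code from the original article; it assumes the storage has already been copied to a local directory, and the directory and file names in the sample tree are constructed.

```python
import os
import tempfile
import zipfile

APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}  # entries in any code-carrying APK

def looks_like_apk(path):
    """True if the file is a ZIP archive that holds the core APK entries."""
    try:
        if not zipfile.is_zipfile(path):
            return False
        with zipfile.ZipFile(path) as zf:
            return APK_MARKERS.issubset(zf.namelist())
    except (OSError, zipfile.BadZipFile):
        return False

def find_hidden_apks(root):
    """Walk a local copy of device storage; return sorted (relative_path, reason) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if looks_like_apk(full):
                rel = os.path.relpath(full, root)
                reasons = []
                if not name.lower().endswith(".apk"):
                    reasons.append("APK content without .apk extension")
                if any(part.startswith(".") for part in rel.split(os.sep)):
                    reasons.append("inside a dot-hidden path")
                hits.append((rel, "; ".join(reasons) or "APK in user storage"))
    return sorted(hits)

def build_sample_storage(root):
    """Constructed sample tree: one disguised APK, one ordinary ZIP, one photo."""
    os.makedirs(os.path.join(root, ".cache_data"))  # constructed directory name
    os.makedirs(os.path.join(root, "Download"))
    with zipfile.ZipFile(os.path.join(root, ".cache_data", "thumbs.db"), "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        zf.writestr("classes.dex", b"dex\n035\x00")
    with zipfile.ZipFile(os.path.join(root, "Download", "notes.zip"), "w") as zf:
        zf.writestr("notes.txt", "hello")
    with open(os.path.join(root, "Download", "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_storage(tmp)
        for rel, reason in find_hidden_apks(tmp):
            print(f"{rel}: {reason}")
```

A hit is only a lead for review: legitimately downloaded APKs match too, so the renamed or dot-hidden ones are the entries to examine first.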

Malwarebytes, which detailed a step-by-step guide for removing the xHelper malware, tagged Amelia’s case as a “new era in mobile malware,” as a factory reset is usually the last, but effective, option in cleaning an infected device. Fortunately, Amelia “was as persistent as xHelper itself” in searching for the truth behind the case.

Hackers are continuously evolving, taking advantage of technology and current events for their attacks. As always, people should remain vigilant against cybersecurity threats and reach out to experts about any suspected security risks.

Aaron Mamiit