Skip to main content
  1. Home
  2. Mobile
  3. News

Android malware keeps returning even after factory reset through Google Play

Aaron Mamiit
By

Cybersecurity firm Malwarebytes revealed a form of Android malware that keeps returning even after performing a factory reset on a smartphone.

Malwarebytes discovered the Android trojan named the xHelper in May 2019. The malware is capable of installing itself on an Android device without notifying the owner, then receives remote commands and downloads additional malware into the infected smartphone or tablet.

Unfortunately, it appears that xHelper is still evolving. Amelia, an Android device owner, reached out to the Malwarebytes support forum to seek help for a curious case.

Amelia was able to remove two variants of xHelper and a trojan agent from her Android device through Malwarebytes’ app. However, xHelper kept coming back less than an hour after it was removed, even after Amelia performed a factory reset on her phone.

In Malwarebytes’ investigation, the first suspect for the returning xHelper was pre-installed malware, which was a possibility because Amelia’s phone was made by an unnamed, lesser-known manufacturer. However, after Amelia was guided through the process of checking if this was the case, xHelper did not go away.

Malwarebytes then noticed that the source of installation for xHelper was Google Play. When the service was deactivated, the re-infections of the malware stopped.

The firm determined that Google Play itself was not infected with malware, but it was triggering the re-installation of xHelper. They then discovered an Android application package hidden inside the phone’s files that serves as a trojan dropper. Directories and files, including the APK, remain on an Android device even after a factory reset, unlike apps, which is how xHelper keeps infecting the phone. The method for installing the APK through something triggered by Google Play, however, is still under investigation.

Malwarebytes, which detailed a step-by-step guide for removing xHelper malware, tagged Amelia’s case as a “new era in mobile malware,” as a factory reset is usually the last, but effective, option in cleaning an infected device. Fortunately, Amelia “was as persistent as xHelper itself” in searching for the truth behind the case.

Hackers are continuously evolving, taking advantage of technology and current events for their attacks. As always, people should remain vigilant against cybersecurity threats and are recommended to reach out to experts for any suspected security risks.

Editors' Recommendations

Topics
Video-editing app LumaFusion to get a Galaxy Tab S8 launch
A tablet featuring the LumaFusion video editing app.
The best Samsung Galaxy Watch faces for style and utility
A woman wearing a Samsung Galaxy Watch 4 and smiling.
Spotify Wrapped 2022: what it is and how to view it
Spotify Wrapped 2022.
How Apple can fix iOS 16’s messy lock screen customization in iOS 17
iOS 16 lock screen on an iPhone 14 Pro
OnePlus’ new Android update policy matches Samsung, shames Google
OnePlus 10T camera module.
Save $225 on the unlocked Samsung Galaxy S22 Ultra with this deal
Samsung Galaxy S22 Ultra screen in hand.
Samsung Galaxy Z Fold 4 is $350 off — no trade-in needed
Samsung Galaxy Z Fold 4.
We asked the experts if biological sex affects heart rate sensor accuracy
The Apple Watch Ultra's heart rate sensor active.
I still love my iPhone 14 Pro, but not for the reason I expected
Deep Purple iPhone 14 Pro held in hand with a wooden gate in the background
The best iPhone apps to download in December 2022
iOS 14 App Library
Instafest app: How to make your own Spotify festival lineup
Instafest app running on an iPhone.
How old phones became the cool, good phones in 2022
iPhone 14 Pro and 13 Pro camera modules.
The best Android apps for December 2022
best Android apps