Skip to main content

Android malware keeps returning even after factory reset through Google Play

Cybersecurity firm Malwarebytes revealed a form of Android malware that keeps returning even after performing a factory reset on a smartphone.

Malwarebytes discovered the Android trojan named the xHelper in May 2019. The malware is capable of installing itself on an Android device without notifying the owner, then receives remote commands and downloads additional malware into the infected smartphone or tablet.

Unfortunately, it appears that xHelper is still evolving. Amelia, an Android device owner, reached out to the Malwarebytes support forum to seek help for a curious case.

Amelia was able to remove two variants of xHelper and a trojan agent from her Android device through Malwarebytes’ app. However, xHelper kept coming back less than an hour after it was removed, even after Amelia performed a factory reset on her phone.

In Malwarebytes’ investigation, the first suspect for the returning xHelper was pre-installed malware, which was a possibility because Amelia’s phone was made by an unnamed, lesser-known manufacturer. However, after Amelia was guided through the process of checking if this was the case, xHelper did not go away.

Malwarebytes then noticed that the source of installation for xHelper was Google Play. When the service was deactivated, the re-infections of the malware stopped.

The firm determined that Google Play itself was not infected with malware, but it was triggering the re-installation of xHelper. They then discovered an Android application package hidden inside the phone’s files that serves as a trojan dropper. Directories and files, including the APK, remain on an Android device even after a factory reset, unlike apps, which is how xHelper keeps infecting the phone. The method for installing the APK through something triggered by Google Play, however, is still under investigation.

Malwarebytes, which detailed a step-by-step guide for removing xHelper malware, tagged Amelia’s case as a “new era in mobile malware,” as a factory reset is usually the last, but effective, option in cleaning an infected device. Fortunately, Amelia “was as persistent as xHelper itself” in searching for the truth behind the case.

Hackers are continuously evolving, taking advantage of technology and current events for their attacks. As always, people should remain vigilant against cybersecurity threats and are recommended to reach out to experts for any suspected security risks.

Editors' Recommendations

Aaron Mamiit
Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…
Google flags preinstalled malware as hidden threat on millions of Android phones
Android

Maddie Stone, a security researcher on Google's Project Zero and a former tech lead on the Android Security team, flagged preinstalled malware on millions of new Android smartphones as a hidden threat that requires more attention.

Stone shared her team's findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.

Read more
Stalking apps: Google deletes 7 Android trackers from the Play Store
how to send money on facebook smartphone friends internet connection

While there are already a bunch of legitimate apps and services that can let you know the whereabouts of family or friends, there are also a few sinister variations that let abusive types spy on partners, among others.

Antivirus firm Avast revealed on Wednesday that its researchers recently uncovered seven so-called “stalkerware” apps on the Google Play Store, all of which have now been removed by the web giant.

Read more
Get this Samsung tablet for under $100 for Memorial Day
Samsung Galaxy Tab A7 Lite in the hands.

While some of the best tablets can compete with budget laptops in terms of what they can do, that performance comes at a cost that some folks might not need. If you just want something simple for streaming or reading, you don't need to grab the best of the best, and something like the Samsung Galaxy Tab A7 Lite is perfect for that. Not only is it budget-friendly, but it also has a great early Memorial Day deal on it from Walmart that brings the price down even further. While it usually goes for $159, Walmart is discounting it down to just $99, saving you a whopping $60 in the process.

Why you should buy the Samsung Galaxy Tab A7 Lite
While the Samsung Galaxy Tab A7 Lite may not be the best of devices, there's a lot to love about it, such as the fact that you get a pretty solid 8.7-inch for less than $100. It does run a lower 1340 x 800 resolution, but that's not too bad on a smaller screen where you likely won't notice it; plus, it does mean you use less bandwidth to stream content. Interestingly, it also has a fingerprint reader, which is pretty rare on more budget-friendly devices but makes opening and closing the tablet pretty easy.

Read more