[SingCERT] xHelper Malware Targeting Android Devices

Published on Thursday, 31 October 2019 15:53

Background

A new malware, xHelper, is found to target Android-based devices. The source of the infections is reportedly from web redirects that send users to web pages hosting unofficial Android apps outside the Play Store. Codes hidden in these apps download the xHelper malware automatically. 

Once installed, the malware is able to reinstall itself even after a user uninstalls the original app or do a factory reset of the infected device.

Impact

The xHelper malware is currently known to be engaging in spam activities and revenue-generating popup advertisements. As the xHelper malware is also known to be able to download and install other apps, it could be used to download other malicious malware such as ransomware, banking trojans, or password stealers onto infected devices.

Recommendations

Currently, it is near impossible to remove the malware as the malware reinstalls itself even after a factory reset of the infected device. Thus, prevention is key to avoid getting infected by the xHelper malware. SingCERT recommends that users adopt the following measures:
• Only install applications from the official Google Play Store, and pay close attention to permissions requested by the applications during installation
• Keep your mobile devices’ security up-to-date and protect them with updated anti-virus software
• Perform anti-virus scans and regular backups of important data 

References