Do adverts suddenly pop up on your smartphone screen and then freeze your phone? The cause of that disgusting experience is a sophisticated virus known as xHelper that is hiding inside your phone.
xHelper has eluded local technicians, who are mostly used to replacing broken screens, formatting phones and helping users connect to WhatsApp and Facebook.
The trends are changing every month, and this will require downtown Kigali phone technicians to shift mostly to software solutions.
But let us focus on this stressful xHelper malware, which has become a common disturbance to many smartphone owners. It pushes unwanted ads onto your phone.
According to Paul Bischoff, privacy advocate at Comparitech, xHelper comes from an app downloaded outside of the official app store.
“Unless you absolutely trust the developer, Android users should stick with apps on the Play Store, which have been vetted by Google. That’s not to say the Play Store is perfect—there are plenty of bad apps there, too—but it certainly lowers the odds of downloading a malicious app,” he says.
How xHelper survives factory resets is still a mystery. Even if users spot the xHelper service in the Apps section of the Android operating system, removing it doesn’t work: the trojan reinstalls itself every time, even after users perform a factory reset of the entire device.
In some cases, users said that even when they removed the xHelper service and then disabled the “Install apps from unknown sources” option, the setting kept turning itself back on, and the device was reinfected in a matter of minutes after being cleaned.
xHelper apps first surfaced in March 2019. At that time, the malware’s code was relatively simple, and its main function was visiting advertisement pages for monetization purposes. The code has changed over time.
Initially, the malware’s ability to connect to a C&C server was written directly into the malware itself, but later this functionality was moved to an encrypted payload, in an attempt to evade signature detection.
Some older variants included empty classes that were not implemented at the time, but the functionality is now fully enabled. As described previously, xHelper’s functionality has expanded drastically in recent times.