Home News Android Malware xHelper Reinstalls Itself After Factory Reset

Android Malware xHelper Reinstalls Itself After Factory Reset

Feb 19, 2020

Early in 2019, security experts raised concerns about a malware found on Android called xHelper. Malwarebytes released information back then about how this malware would install itself right onto your Android device without telling you. It appears xHelper is still a huge issue as it has now evolved into a bigger problem. In fact, it’s evolved to the point that this malware won’t go away even after a factory reset. We’ve got all of the newest details about this particular malware so keep reading to learn more.

Malware xHelper Doesn’t Disappear After Factory Reset on Android

If you’re using an Android device, you may want to know that xHelper malware is still a huge issue and has evolved to an even bigger problem. Malwarebytes was the security company that first found this malware back in 2019, and the cybersecurity firm is now warning once again about this dangerous malware. When this malware first was noticed, it had the ability to install itself without telling the Android user. It would also then receive commands remotely and download even more malware onto your Android device.

It’s now 2020, and this malware has evolved to the point that it won’t disappear even after you’ve completed a factory reset of your Android device. One user had reported that they used the app available from Malwarebytes to remove two different variants of this malware. The issue is that even after performing a factory reset of the Android device, the malware came back. This was after the Malwarebytes software had removed the xHelper malware from the device.

Malwarebytes App Removes Android Malware xHelper But it Returns a While Later

Malwarebytes was made aware of this latest issue with xHelper and began investigating it right away. The cybersecurity company helped that user go through the process of seeing if xHelper was preinstalled malware on the device. It was thought this could be the issue due to the phone being a lesser-known Android manufacturer.

The user went through the steps with Malwarebytes and it was determined that this was not the issue. Looking at the source of xHelper it ended up being Google Play. That is definitely bad news since Google Play runs automatically on all Android devices. It was then found that if Google Play was deactivated then the malware reinfections completely stopped.

What Malwarebytes determined from this was that while Google Play wasn’t infected with xHelper, the service was actually triggering the malware to keep reinstalling itself. That is why even after a factory reset of the Android device the malware continued to come back.

It was then discovered that hidden within the phone files was an Android application package. This basically was the reason the trojan kept coming back. APK, files, and directories all will remain on the Android device even after you’ve performed a factory reset. Google Play was basically how this malware APK was triggered and that’s why the factory reset wasn’t working.

Are You Worried About xHelper & Other Evolving Malware on Android?

Malwarebytes was able to help this user get rid of the malware once the Android application package was found. The company is warning people that xHelper is just one of many malware that evolved and is now more of an issue to find than before. It will take more than a simple factory reset to remove malware.

This is especially true once it has evolved to use Google Play as the trigger for reinstallation. The best thing you can do to protect yourself is to be careful when it comes to downloading apps. Only use trusted sources and never download any files you don’t recognize. In the comments below, we want to know whether or not you worry about malware on your Android device.

Do you use anti-virus or anti-malware software on your Android device to help protect yourself from issues such as this? What other steps do you take to ensure that malware is not getting onto your Android device? Are you worried that as malware continues to evolve that it will get to a point that no protection software will keep you safe? Do you think using Google Play as a trigger for malware will be a new trend?