Security company, Symantec, has just issued a warning about a new mysterious malware that has infected over 45,000 Android devices in the past six months.
Once installed, the malware, dubbed xHelper, hides itself on infected devices. But that’s not even the worst part, Symantec calls xHelper a “persistent” malware because it can reportedly reinstall itself even after users delete it or factory reset their device.
As Symantec notes, this suggests that a second malicious app that works as a system app is downloading and installing xHelper. The researchers say they are currently investigating this possibility.
Also worth noting, xHelper continues to evolve over time.
“We strongly believe that the malware’s source code is still a work in progress,” the researchers write.
As a result, there is no way to know what xHelper is fully capable of.
“We believe the pool of malware stored on the C&C server to be vast and varied in functionality, giving the attacker multiple options, including data theft or even complete takeover of the device,” they write.
Even more, the researchers say that within the code, there are many references to Jio, India’s largest 4G network. But Jio isn’t the only victim. Researchers note that xHelper seems to be targeting people in India, Russia, and the United States, as well.
So what can you do?
If you use one or more Android devices, avoid downloading apps from anywhere but an official app store such as the Google Play Store or Samsung’s Galaxy Apps Store. Also, read reviews before downloading applications, make sure all of your applications are up to date, and make sure you have a good antivirus app installed.