A virus subscribes its victims to paid services without their consent – Geeko

As our colleagues at ZDNet report, a new kind of
virus has emerged and is particularly difficult to eradicate.

The xHelper malware stands out from its peers by its ability to reinstall itself after a smartphone reset. Discovered last March, the malware made more than 32,000 victims in just 5 months. Today, this number has grown to 45,000 infected smartphones. According to Symantec, a cybersecurity company, xHelper is infecting 131 new smartphones every day.

Compared to other malware, the threat of xHelper is quite limited given the slow deployment, but its dangerousness is mainly based on the fact that it can not be uninstalled.

In practice, the contamination of xHelper results in the untimely appearance of numerous ads and spam notifications on the phones. In some cases, this can make smartphones totally unusable. A method that generates revenue for the authors of the malware.

An autonomous presence

The virus would spread through application redirection pages. These websites offer to download unofficial applications outside the Play Store. However, the malware xHelper would be hidden in the code of these applications, like a Trojan. Once the application is installed, the malware detaches from its host application and spreads in the phone. Uninstalling the mother application will have no effect on the virus.

Resetting the factory settings of the infected smartphone would also have no effect on xHelper. Disabling the "Install applications from unknown sources" option would not scour the systematic reinstallation of the malware. The latter is still a mystery to the researchers of Symantec, as well as to Malwarebytes.