Persistent malware reinstalls itself on Android devices even after factory reset

Cybersecurity is a very important area of technology, as well as a battlefield of innovation between hackers and cybersecurity professionals. These days, malicious hackers can find incredibly sneaky ways to get into your device’s operating system. Android is not safe from malware infections, and today BGR has shared information about the latest threat, one of the more persistent ones to plague Android phones at the moment.

Apparently, there are some malicious apps that can be installed from Google Play, even though Google is trying to immediately delete such apps when it finds them. However, some of them have been capable of logging in to your Google and Facebook accounts, spreading malware or changing your device’s configuration.

The cybersecurity company Malwarebytes, which has been working to limit cyber threats and to find ways to disinfect devices, announced that its professionals have stumbled upon the most persistent malware for Android they have ever seen. The malware is called xHelper and it’s a trojan dropper that invisibly installs itself on a given Android device, downloads additional malware and displays ads to the extent that the phone becomes almost unusable.

We all know that when you’re fighting something cyber-terrible, your last resort is a factory reset of the affected Android device. However, even after this action, the nasty malware manages to reinstall itself. While trying to find a way to resolve the issue, Malwarebytes actually discovered that the installation comes from Google Play. Somehow, the malware was being triggered by Google Play to reinstall itself.

You don’t have to worry that Google Play itself is infected, though. Malwarebytes assures us that it is not; rather, the malware could be using Google Play as a smokescreen to hide its real source.

Symantec is also raising awareness of this malicious trojan. The app is targeting US and Russian users and has infected over 45,000 devices. xHelper has been on the malware scene since May 2019.

Malwarebytes has shared the steps to remove it and stop it from reinstalling itself:

  1. Malwarebytes recommends installing its free app for Android for the main part of the malware removal (it’s probable that you can use other anti-malware apps as well, but we can’t be sure)
  2. Install a file manager of your choosing from Google Play
  3. Temporarily disable Google Play by going into Settings > Apps > Google Play Store
  4. Run a scan in Malwarebytes’ app to remove xHelper and other malware, or search manually for names such as fireway, xhelper and Settings (only if two settings apps are displayed)
  5. Open the file manager and find any file starting with com.mufc.
  6. If you find one, take note of its last modified date (you can sort by date to find it more easily)
  7. Delete anything starting with com.mufc. as well as anything from the same date (except core directories such as Download or others)
  8. Re-enable Google Play
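
Steps 5 to 7 as a read-only check, run on a workstation against a copy of the phone's shared storage; this is an added example, not code from Malwarebytes or the article. The folder names in the sample tree, the `CORE_DIRS` entries other than `Download`, and the choice to inspect only the top level of the storage copy are assumptions.

```python
import os, tempfile
from datetime import date, datetime
from pathlib import Path

MARKER_PREFIX = "com.mufc."   # prefix named in the removal steps
# Assumption: core folders to leave alone; the steps name only "Download".
CORE_DIRS = {"Download", "DCIM", "Pictures", "Music", "Movies", "Android"}

def mdate(path):
    """Local calendar date of an entry's last modification."""
    return date.fromtimestamp(path.stat().st_mtime)

def triage(root, core_dirs=CORE_DIRS):
    """Return (markers, same_day) as sorted name lists for the top level of root."""
    entries = list(Path(root).iterdir())
    markers = [e for e in entries if e.name.startswith(MARKER_PREFIX)]
    dates = {mdate(m) for m in markers}
    # Entries sharing a marker's modification date are candidates for review,
    # unless they are core folders, which step 7 says to keep.
    same_day = [e for e in entries
                if e not in markers and e.name not in core_dirs and mdate(e) in dates]
    return sorted(e.name for e in markers), sorted(e.name for e in same_day)

def build_sample(root):
    """Constructed sample tree standing in for a copy of the phone's storage."""
    infected = datetime(2020, 2, 10, 12, 0).timestamp()
    older = datetime(2019, 11, 3, 12, 0).timestamp()
    layout = {"com.mufc.sample": infected, "cachedrop": infected,
              "Download": infected, "Notes": older}
    for name, ts in layout.items():
        d = Path(root, name)
        d.mkdir()
        (d / "placeholder.bin").write_bytes(b"")
        os.utime(d, (ts, ts))   # set last, because adding the file bumps mtime

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        markers, same_day = triage(tmp)
        print("com.mufc. entries:", markers)
        print("same-date entries to review:", same_day)
```

The script only lists candidates; deleting them remains a manual decision, since unrelated files can share the same modification date.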

According to Malwarebytes, that should resolve the issue. However, if you find that the issue persists and you’ve used Malwarebytes’ app, you could contact Malwarebytes’ Support.

Even though it’s not possible to know every piece of malware in existence, there are several security practices that everyone can follow to limit their exposure to unwanted software. Security professionals advise keeping your software up to date with all available security patches, not downloading apps from unfamiliar websites or untrusted sources, being diligent about granting permissions to an app, regularly backing up your data, and installing a security app of your choosing for additional protection.

3 Comments

1. OppositeCube

Posts: 1; Member since: Feb 14, 2020

Android security a "joke" yeah when was the last time iCloud and Apple's entire database got hacked by a 15-year-old?

2. darkwintercloud

Posts: 39; Member since: Oct 04, 2017

Cyber security is like a Hydra. Cut one "head", seven grow from it. There's no holy grail for mobile security anymore, the only safety is not to use it, which is ridiculous, so we are probably just running a cat / mouse game with hackers. You close one door, another one opens, and that goes on and on, as always, in the cyber security history. iOS, Android, Windows Phone, Linux, Sailfish OS, name anything, they have a fault that can be exploited. Just stop this f*cking BS about iOS/ Android being more secure than the latter. It all depends on how much effort someone or a team put toward any new flaw discovered.

4. darkkjedii

Posts: 31812; Member since: Feb 05, 2011

I see what you did there lol
