Nasty Android malware reinfects its targets, and no one knows how

by
Dan Goodin
from Ars Technica - All content on (#4ZA7M)
factory-reset-800x423.jpg

Enlarge

A widely circulating piece of Android malware primarily targeting US-based phones used a clever trick to reinfect one of its targets in a feat that stumped researchers as to precisely how it was pulled off.

xHelper came to light last May when a researcher from security firm Malwarebytes published this brief profile. Three months later, Malwarebytes provided a deeper analysis after the company's Android antivirus app detected xHelper on 33,000 devices mostly located in the US, making the malware one of the top Android threats. The encryption and heavy obfuscation made analysis hard, but Malwarebytes researchers ultimately concluded that the main purpose of the malware was to act as a backdoor that could remotely receive commands and install other apps.

On Wednesday, Malwarebytes published a new post that recounted the lengths one Android user took to rid her device of the malicious app. In short, every time she removed two xHelper variants from the device, the malware would reappear on her device within the hour. She reported that even performing a factory reset wasn't enough to make the malware go away.

Read 6 remaining paragraphs | Comments

index?i=Bv9GZ6-wZLk:CT8Q-dnsGNs:V_sGLiPB index?i=Bv9GZ6-wZLk:CT8Q-dnsGNs:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments