Malicious app hides itself, downloads other threats and displays ads
Symantec has observed a surge in detections for a malicious Android application that can hide itself from users,
download additional malicious apps, and display advertisements. The app, called Xhelper, is persistent. It is able
reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher. The
app has infected over 45,000 devices in the past six months.
We have seen many users posting about Xhelper on online forums, complaining about random pop-up advertisements and how
the malware keeps showing up even after they have manually uninstalled it.
Xhelper infections
According to our telemetry, at least 45,000 devices have been impacted by the Xhelper malware. In the past month alone,
there was an average of 131devices infected each day, and an average of 2,400devices persistently infected throughout
the month. The malware mostly affects users in India, the U.S. and Russia.
Protection/Mitigation
Symantec and Norton products detect these malicious apps as the following:
We advise users to take the following precautions:
• Keep your software up to date.
• Do not download apps from unfamiliar sites.
• Only install apps from trusted sources.
• Pay close attention to the permissions requested by apps.
• Install a suitable mobile security app,such as NortonorSymantec Endpoint Protection Mobile,to protect your device and data.
• Make frequent backups of important data.
To read the full report please visit https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware.