Over the last six months, xHelper Trojan has infected more than 45,000 Android devices, mostly in the US, India and Russia. This Trojan variant is a dropper - it's used to deliver other malware to the infected device, for example banking Trojans or ransomware. Once in the system it registers as a foreground service, starts displaying ad pop-ups and downloading malicious applications. Unfortunately, it's extremely persistent and very difficult to combat - it can reinstall itself after being removed or even after a device factory reset.
Some researchers suspect that xHelper may be delivered through malicious system application, which may come pre-installed on some smartphones. Otherwise, to avoid infection with this persistent Trojan, users should:
- always keep the software on their devices up to date,
- not download applications from unfamiliar sites,
- install applications only from trusted sources,
- pay attention to the permissions requested by applications,
- backup important data frequently.