xHelper - Persistent Android Trojan

Over the last six months, xHelper Trojan has infected more than 45,000 Android devices, mostly in the US, India and Russia. This Trojan variant is a dropper - it's used to deliver other malware to the infected device, for example banking Trojans or ransomware. Once in the system it registers as a foreground service, starts displaying ad pop-ups and downloading malicious applications. Unfortunately, it's extremely persistent and very difficult to combat - it can reinstall itself after being removed or even after a device factory reset.

Some researchers suspect that xHelper may be delivered through malicious system application, which may come pre-installed on some smartphones. Otherwise, to avoid infection with this persistent Trojan, users should:

  • always keep the software on their devices up to date,
  • not download applications from unfamiliar sites,
  • install applications only from trusted sources,
  • pay attention to the permissions requested by applications,
  • backup important data frequently.
Author image

About Ariadna Pawluk

Cybersecurity enthusiast, hunting all the freshest news, insights and tidbits.