Android smartphone users are by now accustomed to daily warnings about malware-filled applications and adware that infects devices. Threats continue to grow rapidly, but the latest alert is probably one of the most notable to date.
The latest report from the Malwarebytes team found a new attack that could reinfect the phone even after deleting everything and performing a full factory reset.
The infection is so serious that mobile researcher Nathan Collier said: "This is by far the most nasty infection I have encountered."
This Android Trojan, called xHelper, was first discovered last year and infects Google-powered devices with malware.
However, it now appears that the attack is much more serious than originally thought: an Android user contacted Malwarebytes and reported that the infection had returned, even though she had performed a full factory reset.
The owner said on the forum page: "I have a mobile phone infected with the xhelper virus. This tenacious pain is constantly disappearing.
"I'm technically biased, so I'm happy with common tips or other things I might need to do to make this feature disappear so the phone is actually usable!"
After delving into the settings and rooting through endless folders on the phone, Malwarebytes found a hidden package that can reinstall itself every time the device is reset.
Even more worrying was the discovery that something in Google Play actually triggered the reinfection.
Malwarebytes is keen to point out that Google Play itself is not infected with malware. However, something within it triggered the reinfection in some way.
It is also possible that something is using Google Play as a smokescreen, presenting it as the installation source for the malware when the malware actually comes from elsewhere.
"It's important to realize that even after a factory reset, unlike the app, directories and files remain on the Android mobile device. Therefore, the device will continue to be infected until the directories and files are deleted," said Nathan Collier of Malwarebytes.
If you encounter a re-infection of xHelper, please follow these steps to remove it:
• Install a file manager from the Google Play Store that can search files and directories
• Temporarily disable the Google Play Store to stop re-infection
• Go to Settings > Applications > Google Play Store
• Press the Disable button
• Run a scan in Malwarebytes for Android to remove xHelper and other malware
• Uninstalling manually may be difficult, but the names to look for in the "application" information are fireway, xhelper, and "Settings" (only if two Settings apps are displayed)
• Open the file manager and search for anything that starts with com.mufc
• If found, note the last modified date
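The search in the last two steps can also be run from a workstation against a copy of the phone's storage. The script below is an added example, not code from Malwarebytes or the original article; it assumes the storage has already been copied to a local directory, and the directory names used in `demo()` are constructed.

```python
import os
import tempfile
from datetime import datetime, timezone

PREFIX = "com.mufc"  # name prefix given in the removal steps above


def find_prefixed(root, prefix=PREFIX):
    """Return (path, kind, last-modified UTC date) for every file or
    directory under root whose name starts with prefix."""
    hits = []
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue  # unreadable directory: skip it, keep scanning
        for entry in entries:
            is_dir = entry.is_dir(follow_symlinks=False)
            if entry.name.startswith(prefix):
                mtime = entry.stat(follow_symlinks=False).st_mtime
                day = datetime.fromtimestamp(mtime, timezone.utc).date()
                hits.append((entry.path, "dir" if is_dir else "file", day.isoformat()))
            if is_dir:
                stack.append(entry.path)  # keep descending, matches can nest
    return sorted(hits)


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample layout; these names are not from a real device.
        target = os.path.join(root, "Android", "data", "com.mufc.constructed")
        os.makedirs(target)
        os.makedirs(os.path.join(root, "Download"))
        open(os.path.join(target, "sample.apk"), "wb").close()
        # Pin the directory's modified time so the reported date is known.
        stamp = datetime(2020, 1, 15, 12, tzinfo=timezone.utc).timestamp()
        os.utime(target, (stamp, stamp))
        return [(os.path.relpath(p, root), kind, day)
                for p, kind, day in find_prefixed(root)]


if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

To scan a real copy, call `find_prefixed()` with the path of the local directory holding the copied storage.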
Of the new threat, Collier added: "However, this marks a new era of mobile malware. The ability to re-infect with a hidden directory containing evasive detection APKs is both frightening and frustrating.
"We will continue to analyze this malware behind the scenes. At the same time, we hope this ends at least this chapter of a particular variant of xHelper."