1243469

Android smartphone users must be accustomed to daily warnings about malware-filled applications and adware that infects devices. Threats continue to grow rapidly, but the latest alert is probably one of the most interesting alerts to date.

The latest report from the Malwarebytes team found a new attack that could reinfect the even after deleting everything and performing a full factory reset.

The vulnerability is so serious that researcher Nathan Collier said: "This is by far the most nasty infection I have encountered."

This shocking Android Trojan, called xHelper, was actually discovered last year with the goal of infecting Google-powered devices with malware.

However, it now appears that this attack is much more serious than originally thought, because an Android user contacted Malwarebytes and reported that the bug had been returned, even though she had performed a full factory reset.

The owner said on the forum page: "I have a mobile phone infected with the xhelper virus. This tenacious pain is constantly disappearing.

"I'm technically biased, so I'm happy with common tips or other things I might need to do to make this disappear so the phone is actually usable!"

After delving into the and routing through endless folders on the phone, Malwarebytes found a hidden package that can reinstall itself every time the device is reset.

read more: Android battery life: Google could prepare huge boost for your smartphone

Even more worrying was the discovery that something in Google Play actually triggered the reinfection.

The malware byte is eager to point out that Google Play is not actually infected with malware. But some of these things triggered the reinfection in some way,

READ  ASUS ROG Phone 3 gets new 12GB + 128GB specifications in India: price, specifications

In addition, there may be things that use Google PLAY as a smoke screen, disguising it as an installation source for malware, when it actually comes from elsewhere.

"It's important to realize that even after a factory reset, unlike the app, directories and files remain on the Android mobile device. Therefore, the device will continue to be infected until the directories and files are deleted." Nathan of Malwarebytes Collier said.

If you encounter a re-infection of xHelper, please follow these steps to remove it:

• Install a file manager from the Google Play store, which can search files and directories

• Temporarily disable the Google Play Store to stop re-infection

• Go to Settings> Applications> Google Play Store

• Press the Disable button

• Run a scan for Android in Malwarebytes to remove xHelper and other malware

• Uninstalling manually may be difficult, but the names to look for in the "application" information are fireway, xhelper, and "Settings" [only if two settings apps are displayed]

• Open the file manager and search for anything that starts with com.mufc

• If found, note the last modified date

Speaking of new threats, Collier added: "However, this marks a new of mobile malware. The ability to re-infect with a hidden directory containing evasive detection APKs is both frightening and frustrating.

"We will continue to analyze this malware behind the scenes. At the same time, we hope this ends at least this chapter of a particular variant of xHelper."