xHelper: The Russian Nesting Doll of Android Malware

The "undeletable" xHelper malware, which ultimately results in the installation of the Triada trojan, has become a virulent scourge for Android devices this year, according to researcher analysis. Its hallmark is that it is virtually indestructible for the common user.
According to analysis by Kaspersky, the latest sample of xHelper uses a Russian nesting-doll type architecture to worm its way into the heart of Android devices.
The malware sends that off to a remote server and then starts unpacking a dropper-within-a-dropper-within-a-dropper - thus evoking the aforementioned nesting dolls.
"The malware can gain root access mainly on devices running Android versions 6 and 7 from Chinese manufacturers," said Golovin.
"If you have 'recovery' mode set up on your Android smartphone, you can try to extract the libc.so file from the original firmware and replace the infected one with it, before removing all malware from the system partition," he said.
News URL
https://threatpost.com/xhelper-russian-nesting-doll-android-malware/154519/