Security News > 2020 > April > Please, just stop downloading apps from unofficial stores: Android users hit with 'unkillable malware'
An Android malware package likened to a Russian matryoshka nesting doll has security researchers raising the alarm, since it appears it's almost impossible to get rid of.
Known as xHelper, the malware has been spreading mainly in Russia, Europe, and Southwest Asia on Android 6 and 7 devices for the past year from unofficial app stores.
The malware changes the code for the mount() function in the system's shared libc core library to prevent the user and apps from doing the same in the future to delete the malicious program, thus locking itself in and locking victims out.
If you catch this malware, you can try to restore the vandalized libc in Android recovery mode, and then remount the system partition in write mode, and remove the malware yourself.
"If you have Recovery mode set up on your Android smartphone," said Golovin, "You can try to extract the libc.so file from the original firmware and replace the infected one with it, before removing all malware from the system partition. However, it's simpler and more reliable to completely reflash the phone."
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/08/xhelper_android_malware/
Related news
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide (source)
- New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (source)
- New Vo1d malware infects 1.3 million Android TV streaming boxes (source)
- New Vo1d malware infects 1.3 million Android streaming boxes (source)