Technology Nasty Android malware reinfects its targets, and no one...

Nasty Android malware reinfects its targets, and no one knows how



reader remarks

with 28 posters getting involved, consisting of story author

A commonly flowing piece of Android malware mostly targeting US-based phones utilized a smart technique to reinfect one of its targets in a task that puzzled scientists regarding exactly how it was managed.

When a scientist from security company Malwarebytes released this quick profile,

xHelper came to light last May. 3 months later on, Malwarebytes supplied a much deeper analysis after the business’s Android anti-virus app identified xHelper on 33,000 gadgets mainly situated in the United States, making the malware one of the top Android dangers. The file encryption and heavy obfuscation made analysis hard, however Malwarebytes scientists eventually concluded that the main function of the malware was to serve as a backdoor that might from another location get commands and install other apps.

On Wednesday, Malwarebytes released a brand-new post that stated the lengths one Android user required to rid her gadget of the harmful app. In other words, each time she eliminated 2 xHelper variations from the gadget, the malware would come back on her gadget within the hour. She reported that even carrying out a factory reset wasn’t enough to make the malware disappear.

Blind streets

Business scientists at first thought that pre-installed malware was the perpetrator. They ultimately dropped that theory after the user carried out a strategy that avoided system apps from running. Malwarebytes experts later on saw the malware suggesting that Google Play was the source of the reinfections, however they eliminated this possibility after more examination.

Ultimately (and with the aid of the Android user), business scientists lastly recognized the source of the reinfections: numerous folders on the phone which contained files that, when carried out, set up xHelper. All of the folders started with the string com.mufc. To the scientists’ surprise, these folders weren’t gotten rid of despite the fact that the user carried out a factory reset on the gadget.

“This is by far the nastiest infection I have encountered as a mobile malware researcher,” Malwarebytes’ Nathan Collier composed in Wednesday’spost “Usually a factory reset, which is the last option, resolves even the worst infection. I cannot recall a time that an infection persisted after a factory reset unless the device came with pre-installed malware.”


Surprise inside a directory called com.mufc.umbtts was an Android application plan, or APK, that dropped an xHelper variation. The variation, in turn, dropped more malware within seconds. And with that, xHelper when again alarmed the user’s gadget. The user lastly rid her gadget of the malware after utilizing an Android file manager to erase the mufc folders and all their contents. Since the malware was in some way determining Google Play as the source of the reinfection, Collier suggests individuals in a comparable position disable the Google Play Store app prior to eliminating the folders.

Collier still isn’t sure how the mufc folders concerned live on the phone in the first location or why they weren’t erased throughout factory reset. In October, security company Symantec likewise reported that users were grumbling that factory resets didn’t eliminate xHelper, however business scientists were likewise not able to discuss why. One theory, Collier stated, is that an xHelper alternative set up the folders and made them look like an SD card that wasn’t impacted by the factory reset (the user reported that her gadget didn’t have an SD card).

“I was under the assumption that files/directories were removed after a factory reset, but this proves that some things can be left over,” Collier composed in an e-mail. “There are still a lot of unknowns with this one. We’re just glad to have a resolution for our customers who may be struggling with this infection.”

Leave a Reply

Latest News

Without safe houses or jobs, Italy’s Roma fear coronavirus effect

Rome, Italy - Weeks into Italy's national quarantine and social media has actually been gone beyond with...

Tiny Harris Hints At A Potential Newborn Arrival For Tamar Braxton– Check Out The Video That Has People Talking

Tamar Braxton shared a video on her social media account in which she's flaunting her remarkable singing skill. What...

NYC Mayor On His Coronavirus Action: Now’s Not The Time To ‘Look In Reverse’

New York City City Mayor Expense de Blasio (D) on Sunday danced around a concern about his...

You might also likeRELATED
Recommended to you