Hundreds of new variants of malware for mobile devices were detected last year. Among all these malicious developments, one caught the attention of ethical hacking specialists and enthusiasts. Usually known as xHelper, this malware managed to infect about 50,000 Android devices in less than six months, becoming one of the main threats to users of this operating system.
The main feature of xHelper is the difficulty in being removed from the infected system, as the malware is able to install itself on the compromised device even if the user performs a factory reset. After installation, xHelper begins to display invasive advertisements to the victims; in addition, it is able to install other malicious apps.
Months after its detection, a group of ethical hacking researchers has finally found a way to completely remove xHelper from an Android smartphone without using factory reset, so the files stored on the device will remain secured.
The procedure for removing xHelper is described below:
- Install the free version of the Malwarebytes app for Android
- Install a File Manager app from Play Store, ASTRO, for example. This app has a feature to search for files and directories
- Temporarily disable Google Play; for this, go to Settings> Apps> Google Play and tap “Disable”
- Start scanning your device with the Malwarebytes app, which will remove malware. Users can also manually uninstall xHelper if they can detect the ‘fireway’ and ‘xHelper’ apps in the list of installed apps. In addition, in case you find two applications called “Settings”, you should remove the one from the unrecognized icon, as it is likely to be a malicious file
- Open the newly installed file manager and search for any files that start with “com.mufc”
- Enter the last modification date of the files. Then delete these files and delete any other unrecognized files with the same modification date
- Finally, enable Google Play on your device
Ethical hacking specialists claim that this method removes any traces of xHelper on the affected device, ensuring that the malware will not be reinstalled again.
The International Institute of Cyber Security (IICS) mentions that xHelper infections remain a constant threat in the wild, so the dissemination of this method can be useful in combating the extent of the operators of this malware.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.