Tech & Science: This New Android Malware Can Survive A Factory Reset

00:20, 31 October 2019. Source: lifehacker.com.au

Here’s a fun one: There’s new Android malware making the rounds that is not only irritating—thanks, pop-up ads—but it’s also incredibly difficult to remove from your Android device once you’re infected.

Though this somewhat-new “xHelper” malware has affected a low number of Android users so far (around 45,000, estimates Symantec), the fact that nobody has any clear advice on how to remove it is worrisome. While the odds are good that you won’t get hit with this malware, given its low installation rate so far—even though it’s been active since March—you should still know what it does and how to (hopefully) avoid it.

As Malwarebytes describes, xHelper starts by concealing itself as a regular app by spoofing legitimate apps’ package names.

Once it’s on your device, you’re either stuck with a “semi-stealth” version, which drops an xHelper icon blatantly in your notifications—but no app or shortcut icons—or a “full-stealth” version, which you’ll only notice if you visit Settings > Apps & notifications > App Info (or whatever the navigation is on your specific Android device) and scroll down to see the installed “xHelper” app.

What does xHelper do?

Thankfully, xHelper isn’t destructive malware in the sense that it’s not recording your passwords, credit card data, or anything else you’re doing on your device and sending it off to some unknown attacker. Instead, it simply spams you with pop-up advertisements on your device and annoying notifications that all try to get you to install more apps from Google Play—presumably how xHelper’s authors are making cash from the malware.

The dark side, as reported by ZDNet, is that xHelper can allegedly download and install apps on your behalf. It doesn’t appear to be doing so at the moment, but if this were to happen—coupled with the app’s mysterious ability to persist past uninstallations and factory resets—it would be a huge backdoor for anyone affected by the malware.

Wait, I can’t uninstall it?

Yep. This is the insidious part of xHelper. Neither Symantec nor Malwarebytes has any good recommendations for getting this malware off your device once it’s installed, as the mechanisms it uses to persist past a full factory reset of your device are unknown. As Symantec describes:

“None of the samples we analysed were available on the Google Play Store, and while it is possible that the Xhelper malware is downloaded by users from unknown sources, we believe that may not be the only channel of distribution.

From our telemetry, we have seen these apps installed more frequently on certain phone brands, which leads us to believe that the attackers may be focusing on specific brands. However, we believe it to be unlikely that Xhelper comes preinstalled on devices given that these apps don’t have any indication of being system apps.

In addition, numerous users have been complaining on forums about the persistent presence of this malware on their devices, despite performing factory resets and manually uninstalling it. Since it is unlikely that the apps are system apps, this suggests that another malicious system app is persistently downloading the malware, which is something we are currently investigating (keep an eye on the Threat Intelligence blog for more on this).”

So...

If you think you’re infected with xHelper, you can try downloading some standard antivirus apps to your Android device. It’s possible they might help, but I’d err on the side of free antivirus apps for now, lest you find yourself paying a chunk of cash for an app (or subscription) that doesn’t actually help you out at all. The xHelper malware is just that quirky.

I have the full belief that someone—Google itself, or one of the big antivirus players—will find a way to thwart and remove this malware, but it’s going to take a bit of time to get to that solution. In the meantime...

How to avoid getting hit with xHelper in the first place

Right now, the best thing you can do to prevent getting hit with this kind of malware is to be mindful of your web browsing habits. Make sure you aren’t getting redirected to scammy websites that encourage you to sideload unknown apps—or apps that appear safe—onto your device. When in doubt, only install apps from the Google Play Store.

Don’t sideload apps, as in, don’t download and install them manually on your device unless you really know what you’re doing, trust the app’s developer completely, and trust that the app you’re downloading is actually something safe from the developer it claims it is from. (While this won’t protect you one-hundred per cent of the time, sticking to the Google Play Store is a lot safer than downloading random .APKs from websites you know nothing about.)
