A new malware is on the roll now called XHelper. It has infected more than 45,000 android smartphones within just 6 month. The threat is very dangerous as it cannot be fixed even through factory reset.

xHelper malware is just about seven months old, and had already reached MalwareBytes’ top 10 list of malware by August. The app is being distributed via websites that encourage users to sideload apps onto their device. These apps then install the xHelper trojan onto the device.

xhelper spam

How It Works

According to Malwarebytes, the source of these infections is “web redirects” that send users to web pages hosting Android apps. These sites guides you on how to side-load unofficial Android apps from outside the Play Store. Code hidden in these apps downloads the xHelper trojan.

The  good news within the unwanted scenrio is that the trojan doesn’t carry out destructive operations. According to both Malwarebytes and Symantec, for most of its operational lifespan, the trojan has shown intrusive popup ads and notification spam. The ads and notifications redirect users to the Play Store, where victims are asked to install other apps — a means through which the xHelper gang is making money from pay-per-install commissions.

xhelper service


In some cases, users said that even when they removed the xHelper service and then disabled the “Install apps from unknown sources” option, the setting kept turning itself back on, and the device was reinfected in a matter of minutes after being cleaned.

Over the past few months, many users have complained about xHelper’s near “unremovable” state, on sites like Reddit, Google Play Help [1, 2], or other tech support forums.

ALSO READ:  TikTok Overtakes WhatsApp To Become The Most Downloaded App In January

How Can I Prevent xHelper?

Just take precaution while downloading apps from untrusted sources. Also beware of pages that redirect you to other pages to download apps or games.

Note: Once your smartphone gets infected with this malware, no solution for now.




Please enter your comment!
Please enter your name here