Researchers Reveal Secret Behind ‘Unkillable’ Android Malware ‘xHelper’

Kaspersky researchers earlier this year detailed a unique Android malware that cannot be removed even after a factory reset. Called xHelper, the trojan baffled cyber-security researchers with its persistence and the way it can survive nearly all attempts to remove it from the device. While the researchers published a detailed report on the malware's MO in February, they were still unsure about the secrets behind its persistence. That, however, has changed now, with a different researcher being able to finally unlock its mysteries.

According to Kaspersky researcher Igor Golovin, the latest strain of the malware, Trojan-Dropper.AndroidOS.Helper.h, disguises itself as a popular cleaner app for smartphones, but after installation, it simply disappears and is nowhere to be seen either on the main screen or in the program menu. It can only be found in the list of installed apps in the system settings.

Once installed, the malware collects and sends personally-identifiable details about the victim's phone (including Android ID, manufacturer, model, firmware version, etc.) to a third-party website, and then proceeds to download the next malicious module. It keeps downloading one Trojan module after another, including the notorious Triada, which gains root privileges on the infected device and allows the malware to install a series of malicious files directly into the system partition.

The malware mostly affects devices running Android 6 Marshmallow and Android 7 Nougat, although it's not as widespread as earlier believed. Either way, Golovin says that once a device is infected with xHelper, the best and most reliable way to get rid of it is to completely reflash the phone, ideally with a different firmware, if available. You can read all the technical details about xHelper on Kaspersky's official security blog.
