According to Kaspersky researcher, Igor Golovin, the newest strand of the malware, Trojan-Dropper.AndroidOS.Helper.h, disguises itself as a preferred cleaner app for smartphones, however after set up, it merely disappears and is nowhere to be seen both on the principle display or in this system menu. It can solely be discovered within the record of put in apps within the system settings.
Once put in, the malware collects and sends personally-identifiable particulars concerning the sufferer’s telephone, together with Android ID, producer, mannequin, firmware model, and many others.) to a third-party web site, after which proceeds to obtain the subsequent malicious module. It retains downloading one Trojan module after one other, together with the infamous Triada, which features root privileges on the contaminated machine and permits the malware to put in a sequence of malicious recordsdata straight into the system partition.
The malware largely impacts gadgets working Android 6 Marshmallow and Android 7 Nougat, though it’s not as widespread as earlier believed. Either means, Golovin says that after a tool is contaminated with xHelper, the best and most dependable strategy to eliminate it’s to utterly reflash the telephone, ideally with a special firmware, if accessible. You can learn all of the technical particulars about xHelper on the Kaspersky’s official safety weblog.