Security Center Security News v
The secret behind “unkillable” Android backdoor called xHelper has been revealed

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
The secret behind “unkillable” Android backdoor called xHelper has been revealed
sidemoon Away
Puck Futin!
*****
MotM
Posts: 492
Threads: 452
Thanks Received: 1,279 in 472 posts
Thanks Given: 836
Joined: Oct 2015
Reputation: 32
Gold MemberMember Of The MonthReporterThe Century
#1
04-18-2020 , 03:43 PM
Quote: The precise cause of the reinfections stumped researchers for months.

In February, a researcher detailed a widely circulating Android backdoor that’s so pernicious that it survives factory resets, a trait that makes the malware impossible to remove without taking unusual measures.

The analysis found that the unusual persistence was the result of rogue folders containing a trojan installer, neither of which was removed by a reset. 
The trojan dropper would then reinstall the backdoor in the event of a reset. Despite those insights, the researcher still didn’t know precisely how that happened. 

Now, a different researcher has filled in the missing pieces. More about that later. First, a brief summary of xHelper.

A backdoor with superuser rights 



Continue reading here:
https://arstechnica.com/information-technology/2020/04/solved-how-android-backdoor-called-xhelper-survives-factory-resets/
Reply
dinosaur07 Offline
Insider
*****
Valued Member
Posts: 2,502
Threads: 199
Thanks Received: 3,254 in 1,147 posts
Thanks Given: 11,048
Joined: Oct 2015
Reputation: 194
Gold MemberSupporting MemberMember Of The MonthThe ResearcherThe Century
#2
04-18-2020 , 04:23 PM
(04-18-2020 , 03:43 PM)sidemoon Wrote:
Quote: The precise cause of the reinfections stumped researchers for months.

In February, a researcher detailed a widely circulating Android backdoor that’s so pernicious that it survives factory resets, a trait that makes the malware impossible to remove without taking unusual measures.

The analysis found that the unusual persistence was the result of rogue folders containing a trojan installer, neither of which was removed by a reset. 
The trojan dropper would then reinstall the backdoor in the event of a reset. Despite those insights, the researcher still didn’t know precisely how that happened. 

Now, a different researcher has filled in the missing pieces. More about that later. First, a brief summary of xHelper.

A backdoor with superuser rights 



Continue reading here:
https://arstechnica.com/information-technology/2020/04/solved-how-android-backdoor-called-xhelper-survives-factory-resets/

Guys, be careful what apps do you install on your devices and always use a powerful AV even for phones. Nowadays the dangers are watching around the corner. And of course avoid free apps. For free apps you are the payment. 
Eek
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  New SideWalk Backdoor Targeting U.S. Computer Retailers mrtrout 0 1,370 08-27-2021 , 01:22 AM
Last Post: mrtrout
  Audacity 3.0 called spyware over data collection changes by new owner mrtrout 0 1,110 07-06-2021 , 12:30 AM
Last Post: mrtrout
  Researchers Warn of Facefish Backdoor Spreading Linux Rootkits mrtrout 0 804 05-28-2021 , 10:58 PM
Last Post: mrtrout
  Bizarro Banking Trojan Sports Sophisticated Backdoor Bjyda 0 757 05-23-2021 , 09:22 PM
Last Post: Bjyda
  Palo Alto firewall software vulnerability quartet revealed Bjyda 0 661 02-13-2021 , 09:59 PM
Last Post: Bjyda

Forum Jump:


Users browsing this thread: 1 Guest(s)