‘Unkillable’ Android malware gives hackers full remote access to your phone

It’s trojans all the way down

Security experts are warning Android users about a particularly nasty strain of malware that’s almost impossible to remove.

Researcher Igor Golovin from Kaspersky has written a blog post explaining how the xHelper malware uses a system of nested programs, not unlike a Russian matryoshka doll, that makes it incredibly stubborn.

The xHelper malware was first discovered last year, but Golovin has only now established exactly how it gets its claws so deeply into your device, and reappears even after a system restore.

Although the Google Play Store isn’t foolproof, unofficial third-party app stores are much more likely to harbor malicious apps. App-screening service Google Play Protect blocked more than 1.9 million malware-laced app installs last year, including many side-loaded or installed from unofficial sources, but it’s not foolproof.

xHelper is often distributed through third-party stores disguised as a popular cleanup or maintenance app to boost your phone’s performance, and once there, is amazingly stubborn.

In too deep

When the malware is first installed, it downloads a ‘dropper’ trojan, which collects information on your device and installs another trojan. This then downloads exploit code that gives it root access to your device, where it can cause whatever mayhem its creators see fit.

Removing the infection is extremely difficult. All these downloads are hidden deep in the system files, making them hard to find, and the dropper that’s installed in the system partition can start the process all over again even after a factory reset.

Golovin advises reflashing the phone, but warns that sometimes the factory-installed firmware might contain xHelper, in which case there’s very little you can do. “If you do use a different firmware, remember that some of the device’s components might not operate properly,” he advises.

“In any event, using a smartphone infected with xHelper is extremely dangerous. The malware installs a backdoor with the ability to execute commands as a superuser. It provides the attackers with full access to all app data and can be used by other malware too, for example, CookieThief.”

Cat is TechRadar’s Homes Editor specializing in kitchen appliances and smart home technology. She’s been a tech journalist for 15 years, and is here to help you choose the right devices for your home and do more with them. When not working she’s a keen home baker, and makes a pretty mean macaron.
