xHelper: How to erase the immortal malware plaguing Android

xHelper is an annoying piece of malware. "Highly disruptive" would be a very generous description, and it would still fall short. And not only because it floods our Android device with constant pop-up ads that prevent us from using it normally. This Android virus is so resilient that even after a factory reset or hard wipe, it is able to return from the grave and reinstall itself without any outside help. In short, a piece of malware capable of bypassing all security measures.

For the past few months, the xHelper malware has been rampant, infecting tens of thousands of Android phones without leading security experts finding a solution. Fortunately, in the last few days Malwarebytes seems to have found the answer. In today's post we explain how to remove the xHelper malware, so if you think you have been infected, take note of the following steps.

This is how xHelper works, one of the most resistant viruses for Android

xHelper begins by sneaking into its victim's system, pretending to be the installation package of a known app so as not to be detected. Once installed on the device, it can manifest itself in two different ways:

  • The semi-stealth version: We will notice that we have been infected through a notification that is constantly displayed with the xHelper icon, although we will not see any app icon or shortcut.
  • The "full power" version: The super silent version of xHelper can only be identified by navigating to the phone settings and displaying the list of installed applications.

The positive part of this whole thing is that xHelper is not as destructive as other malware: it does not steal our bank details, nor does it record our passwords or activity on the phone. Instead, it bombards us with spam in the form of advertising pop-ups and ads in the notification bar that "encourage" us to install other applications from Google Play, these being the methods the attacker uses to obtain financial gain.

The most dangerous thing, however, is the supposed ability that this virus could have to install other applications on the device without the user's consent, although at this time it does not seem that this vulnerability is being exploited (something that could change in future updates of xHelper).

How to uninstall xHelper to permanently remove it

As we mentioned at the beginning, the biggest problem with xHelper is that it is practically impossible to delete. It is very sticky. If we manage to uninstall it, the joy will not last long, since after a while it reappears on our Android with a smile from ear to ear. This is something we cannot fix even by resetting the phone to its original factory state. What can we do then?

Here's a look at the conversation the Malwarebytes security tech team had with one of their forum users. After several rounds of back-and-forth, they managed to find a rather ingenious solution to get rid of the "bug" permanently:

  • The first thing to do is install a file explorer for Android.
  • Next, we must disable the Google Play Store (yes, the official Android app store). To do this, we go to the phone settings, enter "Applications and notifications -> Show all applications", locate the Google Play Store and tap "Disable".

This is a key point, as xHelper uses the Google app store to hide. Basically, the virus is activated by launching an APK installation, reinstalling the main xHelper code, and then uninstalling that APK without the user knowing about it. It is not yet well understood how this process is triggered, but what is clear is that the Google Play Store app plays a necessary role for the infection to be carried out successfully.

  • The next step is to install the Malwarebytes app and perform a scan to remove the xHelper malware from the system.
Source: blog.malwarebytes.com
  • Next, we must use the file explorer to locate any file or folder whose name begins with "com.mufc". If any of the files or folders found has a modification date of today (or the date we launched the Malwarebytes scan), we will proceed to delete it.
  • We will also delete other folders that were created on the same date and time as the "com.mufc" folder (unless it is a critical system folder, such as the folder for images or downloads).
  • Finally, we restart the phone and re-enable the Google Play Store app.
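
The file-explorer steps above can be checked with a script. The following is an added example, not part of the original post or of Malwarebytes' instructions: it walks a directory tree (for instance a copy of the phone's shared storage that preserves timestamps) and lists what to review by hand. The 60-second window and the list of protected folder names are assumptions, and modification time stands in for "created on".

```python
import os
from datetime import date, datetime

PREFIX = "com.mufc"      # name prefix given in the article
WINDOW_SECONDS = 60      # assumption: "same date and time" means within a minute
# Assumption: common shared-storage folders treated as "critical", never flagged.
PROTECTED = {"Android", "DCIM", "Pictures", "Download", "Documents", "Music", "Movies"}


def find_candidates(root, scan_day=None, window=WINDOW_SECONDS):
    """Return (primary, related): sorted path lists to review by hand.

    primary: files/folders named com.mufc* last modified on scan_day.
    related: other folders modified within `window` seconds of a primary hit.
    """
    scan_day = scan_day or date.today()
    primary, folders = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        hits = set()
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mtime = os.lstat(path).st_mtime
            if name.startswith(PREFIX):
                hits.add(name)
                if datetime.fromtimestamp(mtime).date() == scan_day:
                    primary.append((path, mtime))
            elif name in dirnames and name not in PROTECTED:
                folders.append((path, mtime))
        # Do not descend into com.mufc* folders: their contents go with them.
        dirnames[:] = [d for d in dirnames if d not in hits]

    related = []
    for path, mtime in folders:
        # Creating an entry updates its parent's mtime, so ancestors of a hit
        # always look "created at the same time"; they are not suspects.
        is_ancestor = any(hit.startswith(path + os.sep) for hit, _ in primary)
        near = any(abs(mtime - hit_mtime) <= window for _, hit_mtime in primary)
        if near and not is_ancestor:
            related.append(path)
    return sorted(p for p, _ in primary), sorted(related)


if __name__ == "__main__":
    import sys
    found, nearby = find_candidates(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in found:
        print("com.mufc match:", p)
    for p in nearby:
        print("same-time folder:", p)
```

The script only reports; deletion stays a manual decision, as in the steps above.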

With this, we should have the problem solved, preventing xHelper from coming back again like the annoying and tiresome virus that it really is. As a final tip, if we do not want our mobile or tablet to be infected with this type of malware, it is advisable to avoid installing APK packages from unreliable sources, especially if they are pirated premium apps. There are quite a few safe alternatives to Google Play, although the easiest way to avoid this type of surprise is undoubtedly not to leave the official Google store, an environment much more controlled by systems like Play Protect.
