Decoding xHelper: the 'immortal' malicious code on Android that is still 'alive' after a factory reset
Researchers at Kaspersky Labs recently uncovered the extremely complex operation of xHelper, a new piece of malware that attacks devices running Android and can survive even a factory reset (a return to the original settings).
Basically, xHelper or one of its variants installs itself into the system partition of the Android phone after gaining root privileges. The malicious code can even force changes to the system that make removing it from the phone more difficult.
The problem is that the system partition usually doesn't allow overwriting. Normally, the system partition grants users only 'read-only' permission, so removing applications that contain malware is not a problem. More troublesome, this malware also gives the data files it has written to the system partition greater permissions, so even with root on the device the problem is not easy to solve.
The creators of xHelper also gave this malicious code an extremely bizarre feature: it changes the libc system library of the Android operating system itself, which disables switching the system partition from read-only to write mode, and it even automatically uninstalls root apps.
To remove xHelper, users have to recover the device: either flash it with the original installation or replace the system component on the device.
However, this malware downloads a rootkit to hijack the device, and this rootkit mainly infects older versions of Android such as 6 and 7, on certain Chinese 'fake smartphones'. Security researchers have discovered malware in the original phone carrier, so users who do not want to live with xHelper have to find a more reputable ROM or buy a new phone!