Decoding xHelper - the 'immortal' malicious code on Android that stays 'alive' after a factory reset
Researchers at Kaspersky Labs recently uncovered the extremely complex operation of xHelper, a new piece of malware that attacks devices running Android and can survive even a factory reset (a return to the original settings).
Basically, xHelper or one of its variants installs itself into the system partition of an Android phone after gaining root privileges. The malicious code can even force changes to the system that make removing it from the phone more difficult.
The problem is that the system partition usually doesn't allow overwriting. Normally, the system partition grants users only 'read-only' permission, so removing applications that contain malware is not a problem. More troublesome, this malware also gives the data files it has written to the system partition greater permissions, so that even root access on the device does not make them easy to deal with.
The creators of xHelper also gave this malicious code an extremely bizarre feature: it modifies the libc system library of the Android operating system itself, which disables switching the system partition from read-only to write mode, and it even uninstalls root apps automatically.
To remove xHelper, users will have to recover the device: either flash the device with the original installation or replace the system component on the device.
However, this malware downloads a rootkit to hijack the machine, and this rootkit mainly infects older versions of Android such as 6 and 7, on some kinds of Chinese 'fake smartphones'. Security researchers have also found malware in the phones' original ROM, so users who don't want to live with xHelper will have to find a more reputable ROM or buy a new phone!
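As an added example (not from Kaspersky or the original article), the sketch below shows how a defender could check a system partition for the kind of tampering described above: files added to it and a changed libc. It assumes the files were copied off the device and that SHA-256 digests from the stock firmware are available; all sample paths, contents and mount lines are constructed, and the comparison should run off the device, because a modified libc cannot be trusted to report honestly.

```python
import hashlib

def system_mount_mode(proc_mounts, mount_point="/system"):
    """Return 'ro' or 'rw' for mount_point from /proc/mounts text, else None."""
    for line in proc_mounts.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mount_point:
            opts = fields[3].split(",")
            if "rw" in opts:
                return "rw"
            return "ro" if "ro" in opts else None
    return None

def diff_against_stock(device_files, stock_manifest):
    """Compare files copied off the device with stock-firmware digests.

    device_files:   path -> bytes read from the copied system partition
    stock_manifest: path -> SHA-256 hex digest taken from the stock image
    """
    modified, added = [], []
    for path, data in device_files.items():
        digest = hashlib.sha256(data).hexdigest()
        if path not in stock_manifest:
            added.append(path)       # file the stock image never shipped
        elif stock_manifest[path] != digest:
            modified.append(path)    # e.g. a patched system library
    missing = sorted(set(stock_manifest) - set(device_files))
    return {"modified": sorted(modified), "added": sorted(added),
            "missing": missing}

# Constructed sample data: stand-ins for a stock image and a device copy.
STOCK = {"/system/lib/libc.so": b"stock libc", "/system/bin/sh": b"stock sh"}
STOCK_MANIFEST = {p: hashlib.sha256(d).hexdigest() for p, d in STOCK.items()}
DEVICE = {
    "/system/lib/libc.so": b"patched libc",      # differs from stock
    "/system/bin/sh": b"stock sh",               # unchanged
    "/system/bin/constructed_extra": b"payload"  # hypothetical added file
}
MOUNTS = ("/dev/block/dm-0 /system ext4 ro,seclabel,relatime 0 0\n"
          "tmpfs /dev tmpfs rw,seclabel,nosuid 0 0\n")

if __name__ == "__main__":
    print("system partition mode:", system_mount_mode(MOUNTS))
    print(diff_against_stock(DEVICE, STOCK_MANIFEST))
```

A read-only mount in the output says nothing about whether the partition was written to earlier, which is why the digest comparison is the part that matters.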