New malware on the rampage might target Jio users — and uninstalling it won’t help

xHelper, a new trojan malware, is disguised as 'Jio' on certain devices (Business Insider India)

  • A new malware dubbed xHelper has already infected 45,000 devices and might be making its way to Jio users.
  • The trojan malware looks to be targeting users in India, the US and Russia.
  • xHelper doesn’t show up among listed apps or the launcher, and even if you uninstall it, it will make its way back onto your device.

A new Android-based malware has been making the rounds over the past six months and it’s targeting users in India, the US and Russia.

On some phones, it’s even disguised as ‘Jio’. Symantec suspects this is because the malware is meant to target Jio users sometime in the future, a pool of nearly 500 million subscribers.

The trojan dubbed xHelper has already infected 45,000 devices. The malware hides in the background, doesn’t show up on the launcher, and even if you uninstall it — it will just reinstall itself and go back into hiding.

The persistent piece of malware is capable of downloading unnecessary apps onto your phone, cluttering memory and displaying ads, according to Symantec’s analysis.

Malware that can’t be seen and can’t be removed


The xHelper malware is structured in such a way that it doesn’t have a regular user interface. Instead of a whole application, it disguises itself as an application component.

This makes two things possible. One, the phone doesn’t list it as an application, so there’s nothing to uninstall.

Two, there’s no way to launch it manually and open it up. The malware launches only in response to external events, such as putting your phone on charge or rebooting the device.

Once it’s up and running, the malware runs as a foreground service. So even when you clear the cache as memory runs low, there’s only a minimal chance of xHelper being shut down.

Even if it’s somehow stopped, it will restart on its own.
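
The traits described above can be checked in an app's manifest. The following is an added example, not code from the article or from the analysis it cites: it assumes the APK's AndroidManifest.xml has already been decoded to text XML (for example with apktool), and the sample manifest and its package name are constructed. Each trait also appears in legitimate apps, so the output is a triage hint, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Launch triggers the article names: rebooting and plugging in the charger.
TRIGGERS = {"android.intent.action.BOOT_COMPLETED": "starts on reboot",
            "android.intent.action.ACTION_POWER_CONNECTED": "starts on charger connect"}

def _names(component, tag):
    """android:name of every <action> or <category> in a component's intent filters."""
    return {e.get(ANDROID + "name") for e in component.iterfind(f"intent-filter/{tag}")}

def triage(manifest_xml):
    """List which of the behaviours described above a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return []
    findings = []
    entries = app.findall("activity") + app.findall("activity-alias")
    if not any("android.intent.action.MAIN" in _names(a, "action") and
               "android.intent.category.LAUNCHER" in _names(a, "category")
               for a in entries):
        findings.append("no launcher icon")
    fired = set()
    for receiver in app.iterfind("receiver"):
        fired |= _names(receiver, "action") & set(TRIGGERS)
    findings += [TRIGGERS[a] for a in sorted(fired)]
    # Apps targeting Android 9+ must request this permission to run a foreground
    # service; older targets will not show it, so absence proves nothing.
    perms = {p.get(ANDROID + "name") for p in root.iterfind("uses-permission")}
    if app.find("service") is not None and "android.permission.FOREGROUND_SERVICE" in perms:
        findings.append("can run a foreground service")
    return findings

# Constructed sample (hypothetical package), not taken from a real xHelper APK.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.component">
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application>
    <service android:name=".Core"/>
    <receiver android:name=".Wake">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```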

A ray of hope

Of all the samples that Symantec analysed, none were from the Google Play Store. The cyber security company believes that there’s a high possibility that xHelper can only make its way onto a phone when something is downloaded from unknown sources.

Symantec also observed that the malware is more prevalent on phones from certain brands, but did not disclose which specific smartphones are vulnerable.

xHelper is on Malwarebytes’ list of its ten most detected threats. It was added to the list in May 2019, and Malwarebytes has since removed the infection from nearly 33,000 devices, a number that continues to rise.

Nobody knows the malware’s origins or where it’s coming from, just that it’s a growing threat that needs to be averted.
