A little over two years ago, a brand new type of malware burst onto the Android scene. The story of this particular piece of malware first appeared in the news cycle over at Android Police. In an article released in April 2020, AP explained that the malware, named xHelper, was able to survive even the most thorough Android factory resetting regimen.
Unfortunately, such malware still roams the internet, hidden within unmonitored APKs and as overlays of already suspicious websites. It lies there, patiently, waiting for a user to click on the wrong webpage or download the wrong APK, and then it strikes. Luckily, we’re about to break down what researchers found out about malware like xHelper and how to deal with it so that it cannot return. This is your crash course in one of the most ruthless examples of Android-focused malicious software the world has ever seen.
What is xHelper?
xHelper is malware that came about in early 2020 and infected a vast majority of Android 6-7 devices. A Kaspersky researcher discovered that the malware operates by downloading a rootkit. A rootkit is basically an application, in this case malware, that can grant itself root privileges on your Android device. Once this software has root privileges, it can install additional malware onto your device. The worst is that it doesn’t install any additional malware to easily accessible directories that you can clear from your OS; anything it installs attaches directly to your system partition.
Once malware gets into the system partition it immediately becomes an even bigger task to remove, and it won’t just disappear with a factory reset. Worse still is that the system partition isn’t even a part of your phone you can access under normal circumstances; it’s a read-only file that you cannot mess with.
Here you’re probably thinking that some Android users are more resourceful than others. In fact, some users have root access, which means they can manipulate root files. Surely these Android elites can remove rootkits? Unfortunately not. This malware is so pernicious because it roots itself so deep into your device, it’s in the same place all your other components are, where no amount of Android root know-how can pose any threat.
As hopeless as the rootkit situation must seem, there is indeed light at the end of this Android malware tunnel; We’re about to show you how to remove rootkits, no matter how deep they’re buried.
How to remove rootkits on Android
Here’s the kicker; you’re going to need a third-party app. Yes, our system guides usually focus on how to do things without downloading external software, but this time you can’t go it alone. We suggest enlisting the help of Avast for this one. Not only is Avast one of the top names in antivirus protection for all your devices; unlike some rivals, Avast offers a free rootkit scanner and remover. You read that right; Avast and Free in the same sentence.
Find Avast’s free rootkit scanner and remover
You can get the app directly from Avast by typing ‘Avast free rootkit scanner and remover’ into your browser. On the Avast website, you’ll see a blue Install free anti-root kit button. Give in to temptation and click it.
Download the root-kit
Next, you’ll be redirected to the download. Click install and wait for the app to finish downloading. Once downloaded, click open.
Hit the green Get started button as soon as Avast opens, and take a quick look at your notifications, You should see a banner from Avast reading Your device is secured.
Avast is a company, and like most companies, they want you to end up purchasing their wares. Feel free to hit Continue with free on the next page you see.
Your very first scan
Avast immediately teleports you to the scan interface. This is to make quick work of getting your device secure, and to give you a general lay of the Avast land so that you know what’s going on. You can skip this for now, but we recommend doing the first scan.
When the scan is complete, you’ll see a short summary of what Avast did. On our test device for example, it scanned 291 apps and 22 files, checked 11 security settings, and resolved one vulnerable setting.
Deep scan
The first scan is a good way to check up on your device’s security status, but one scan does not a secure Android make, as the adage goes. Next, hit the green scan button once more, and then you’ll be prompted to choose between a regular scan and a deep scan.
Choose use deep scan. This will take longer than a regular scan, as it scans your entire device from root to tip for vulnerabilities. You’ll notice that with the deep scan, the number of scanned files jumped from 22 to 2349; this is how you know how deep the deep scan goes. It scans system apps you didn’t know you had, files you can’t get to, and system directories not even shown on your phone.
Rootkits aren’t so scary if you’re protected.
With the appropriate protection, malware loses power. Yes, there are still virulent trojans and droppers out there in the vastness of cyberspace, but with an app like Avast, you at least stand a chance. Better still is that companies like Avast provide perfectly usable free versions of their antivirus software, meaning you don’t need to pay an arm and a leg for proper protection. That said, you’ll definitely have to deal with a few ads.
