There's a scary bit of malware floating out there in the wild. Known as xHelper, it's not what the malware does once installed that's so bad, but how it keeps itself installed.
First things first. This isn't any sort of rampant infection by any measure. Symantec and Norton both estimate that there are fewer than 75,000 cases of it in the wild, and when you have 2 billion potential victims that's a very tiny percentage.
It's not the numbers of users affected that's troubling but how it's happening.
It's not one of those bad actors that harvests all your data, either. xHelper seems to spam your notifications and change your browser homepage.
The source of these infections is "web redirects" that send users to web pages hosting Android apps. These sites instruct users on how to side-load unofficial Android apps from outside the Play Store. Code hidden in these apps downloads the xHelper trojan.
So far, this sounds like any number of malware episodes that we see far too often. But this is just the regular part of the story. What's so bad about this one is that the malware keeps finding a way to reinstall itself once it's been uninstalled, even if you factory reset your phone.
There are several different theories about how this could be happening. One is that the actual vendor's code is infected (all instances of xHelper have been found on Chinese-made phones that don't have a big US presence). Others think that Chrome is the culprit, as users say uninstalling Chrome is the only way to keep xHelper from coming back.
There are several ways xHelper could be finding its way onto phones. Google Play is not one of them.
Another idea, and the one that makes the most sense to me, is that app data backups through Google's own service contain whatever is needed for xHelper to find its way back into your phone. To top all this off, it keeps finding ways to bypass any security apps including Google Play Protect as it evolves.
How it finds its way back onto infected phones and the potential harm it can cause are concerning. But this whole mess tells us one thing pretty clearly: unless you know how to make sure an app is clean and safe, stick to Google Play for all of your apps.
Let the pros handle things and you'll have fewer problems when it comes to malware. Google may do some silly things, but when it comes to security they know what's up.