New Android malware has been discovered that can survive the last resort malware eradication solution of the factory reset. Malwarebytes have found a solution for removing this malware, called xHelper, although some aspects of its origin and persistence remain a mystery.

The Malware’s History

A new piece of malware named xHelper was discovered in May last year.

First investigation

Malwarebytes researchers first discovered it and “classified what we believed was just another generic Android/Trojan.Dropper, and moved on.” However, Malwarebytes researchers soon saw it rise to one of the top 10 most detected pieces of malware. Consequently, they decided to investigate further. They wanted to know what the source of infection was that was making the Trojan xHelper so widespread. They felt that its prominence couldn’t just be explained as originating from people carelessly installing third-party applications. In this investigation, Malwarebytes researchers discovered that xHelper is being hosted on IP addresses in the United States. Consequently, they concluded that the attacks are targeting the United States.

At the end of their analysis the researchers published a blog on their findings and closed the case on xHelper. Unfortunately, however, that was not the end of the xHelper case. Last month, Malwarebytes was contacted by a user who stated that her Android mobile kept on getting re-infected by xHelper even after doing a factory reset.

Factory resets are usually the last resort for getting rid of persistent malware infections. It gets rid of any malware, unless the mobile came with pre-installed malware. In this instance, however, the factory reset did not work. The phone did not contain any pre-installed malware, but the malware infection kept on returning. This intrigued researchers and thus they decided to conduct a further examination.

How was the mobile re-infected by xHelper after the factory reset?

After encountering many blind alleys during their investigation, the researchers discovered the source of the reinfections. They did a search for files and/or directories on the infected mobile whose names started with the string “com.mufc”. xHelper’s malicious package names all contain this string. To the researchers’ astonishment they found a folder with this string still on the mobile. It had not been deleted during the factory reset, as would normally be the case. Hidden inside the folder was an Android Application Package (APK). The APK was a Trojan dropper that downloaded an xHelper variant. The variant, in turn, downloaded more malware within seconds and the mobile was thus re-infected. Thus the mystery of how the mobile was being reinfected was solved.

Malware researchers, however, still haven’t discovered how the mufc folder was created on the mobile in the first place. Nor were they able to discover how the folder was not deleted during the factory reset. Therefore, researchers still don’t know how this malware can survive a factory reset. To remove xHelper from an infected mobile, the mufc folder, along with all its contents, needs to be deleted from the mobile. To do this an Android file manager is required.

Furthermore, the malware is somehow identifying with Google Play as the source of the reinfection.