Published: August 6, 2020 in our Security Fraud News & Alerts Newsletter.
There are times to bargain shop and times to splurge. In the case of your Android smartphone, it might be a wise choice to spend a bit more. Researchers at the Russian company Kaspersky recently found that some of the less expensive smartphones from China are susceptible to the malware xHelper, which is nearly impossible to remove. Now, researchers have found just how it makes itself that way.
But the more important message is that sometimes a bargain is not a bargain when it comes to a smartphone.
Essentially, xHelper makes itself a “matryoshka,” a Russian nesting doll. You’ve seen those. As you open one, a smaller doll is inside. You open that one and another smaller one is inside, and you keep going until you get to a very tiny little doll. In this case, the end result is a Triada malware infection. The malware embeds itself deeply in the Android system partition and can reinstall itself, even after you reset the phone to factory settings.
There are a couple of options for removal, but they may be beyond the abilities of many Android users. One is to completely reflash the device’s firmware. The other is to use a file-manager app, which removes one variant of it. However, there is no guarantee either of these will work, since these phones often have pre-installed malware that downloads and installs other malicious programs. The best option is not to buy a phone that is susceptible to it in the first place.
The phones primarily infected run Android 6 (Marshmallow) or 7 (Nougat) and get apps from sources outside the Google Play store. This action, called sideloading, is not recommended for any device. Typically, programs that can be loaded onto your devices this way don’t go through as much security scrutiny as those that go into the official stores. So, you’re in decent shape against this infection if you have a newer device that runs a more current operating system.
Speaking of current software, keep your devices updated with the most current versions of the operating system and apps. When security issues are found, newer versions fix the known ones, so updated devices are protected against threats that target those issues. When a software version is no longer supported, the developers don’t create patches for it, so your device is left open to possible attack. So, apply patches and updates as soon as they are released.
Checking which version of Android you have can get a little tricky, because the steps differ depending on what phone you have. On a basic level, open your smartphone’s settings and tap the “cog” icon. Find the “About Phone” or “About Device” option and tap it. The version should be listed in the “System” section. You might have to search around a little if you don’t know how to find it. The most current version of Android’s OS is version 10, but version 11 is in preview and should be released soon.
If you have a higher-end phone, haven’t changed the settings to allow it to run apps from “unknown sources,” and have an antivirus app installed, you should be protected against this one, as well as many others.