
New 'unremovable' xHelper malware has infected 45,000 Android devices - ZDNet


Posted: 29 Oct 2019 12:00 AM PDT

Android malware botnet

Over the past six months, a new Android malware strain has made a name for itself after popping up on the radar of several antivirus companies, and annoying users thanks to a self-reinstall mechanism that has made it near impossible to remove.

Named xHelper, this malware was first spotted back in March but slowly expanded to infect more than 32,000 devices by August (per Malwarebytes), eventually reaching a total of 45,000 infections this month (per Symantec).

The malware is on a clear upward trajectory. Symantec says the xHelper crew is making on average 131 new victims per day and around 2,400 new victims per month. Most of these infections have been spotted in India, the US, and Russia.

Installed via third-party apps

According to Malwarebytes, the source of these infections is "web redirects" that send users to web pages hosting Android apps. These sites instruct users on how to side-load unofficial Android apps from outside the Play Store. Code hidden in these apps downloads the xHelper trojan.

The good news is that the trojan doesn't carry out destructive operations. According to both Malwarebytes and Symantec, for most of its operational lifespan, the trojan has shown intrusive popup ads and notification spam. The ads and notifications redirect users to the Play Store, where victims are asked to install other apps -- a means through which the xHelper gang is making money from pay-per-install commissions.


But the thing that's most "interesting" is that xHelper doesn't work like most other Android malware. Once the trojan gains access to an Android device via an initial app, xHelper installs itself as a separate self-standing service.

Uninstalling the original app won't remove xHelper, and the trojan will continue to live on users' devices, continuing to show popups and notification spam.

"Unremovable"

Furthermore, even if users spot the xHelper service in the Android operating system's Apps section, removing it doesn't work, as the trojan reinstalls itself every time, even after users perform a factory reset of the entire device.

How xHelper survives factory resets is still a mystery; however, both Malwarebytes and Symantec said xHelper doesn't tamper with system services or system apps. In addition, Symantec also said that it was "unlikely that Xhelper comes preinstalled on devices."


In some cases, users said that even when they removed the xHelper service and then disabled the "Install apps from unknown sources" option, the setting kept turning itself back on, and the device was reinfected in a matter of minutes after being cleaned.
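One way to flag the two symptoms described above (a removed app returning within minutes from a non-Play Store source, and the unknown-sources setting switching back on) from a device event timeline. This is an added example, not code from ZDNet, Malwarebytes or Symantec; the event format, the package names and the 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

PLAY_STORE = "com.android.vending"   # Google Play's installer package name
WINDOW = timedelta(minutes=10)       # assumed meaning of "a matter of minutes"

# Constructed sample timeline (hypothetical format): time|event|subject|detail
SAMPLE_EVENTS = """\
2019-10-29T09:00:00|removed|com.example.helper|user
2019-10-29T09:01:10|setting|unknown_sources|0
2019-10-29T09:03:30|setting|unknown_sources|1
2019-10-29T09:04:05|installed|com.example.helper|unknown
2019-10-29T10:00:00|removed|com.example.game|user
2019-10-29T10:02:00|installed|com.example.game|com.android.vending
2019-10-29T11:00:00|removed|com.example.notes|user
2019-10-29T15:00:00|installed|com.example.notes|unknown
"""

def parse(text):
    """Yield (timestamp, event, subject, detail) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, event, subject, detail = line.strip().split("|")
            yield datetime.fromisoformat(ts), event, subject, detail

def find_reinfections(text, window=WINDOW):
    """Return (kind, subject, seconds_elapsed) for each suspicious reversal."""
    removed = {}        # package -> time the user last removed it
    setting_off = None  # time unknown-sources was last switched off
    findings = []
    for ts, event, subject, detail in parse(text):
        if event == "removed":
            removed[subject] = ts
        elif event == "setting" and subject == "unknown_sources":
            if detail == "0":
                setting_off = ts
            elif setting_off is not None and ts - setting_off <= window:
                # Heuristic: the timeline does not record who flipped it back.
                findings.append(("setting_reenabled", subject,
                                 int((ts - setting_off).total_seconds())))
                setting_off = None
        elif event == "installed":
            gone = removed.pop(subject, None)
            # A quick return is only suspicious when it bypasses the Play Store.
            if gone is not None and ts - gone <= window and detail != PLAY_STORE:
                findings.append(("reinstalled", subject,
                                 int((ts - gone).total_seconds())))
    return findings

if __name__ == "__main__":
    for finding in find_reinfections(SAMPLE_EVENTS):
        print(finding)
```
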

Over the past few months, many users have complained about xHelper's near "unremovable" state, on sites like Reddit, Google Play Help [1, 2], or other tech support forums.


Some users reported having success with some paid versions of mobile antivirus solutions, but others did not.

In a blog post published today, Symantec said the trojan is in constant evolution, with new code updates being shipped out on a regular basis, which explains why some antivirus solutions manage to remove xHelper in some instances, but not later versions.

There appears to be a battle between the xHelper crew and mobile antivirus solutions, with each one trying to get the better of the other.

Of note is that both Symantec and Malwarebytes have also put out a warning regarding xHelper's features. While the trojan is currently engaging in spam and ad revenue, it also possesses other, more dangerous features. Both companies said xHelper can download and install other apps, a function that the xHelper crew could use at any point to deploy second-stage malware payloads, such as ransomware, banking trojans, DDoS bots, or password stealers.

Malwarebytes 4.0 Released With New UI and Scanning Engine - BleepingComputer

Posted: 04 Nov 2019 12:00 AM PST

Malwarebytes

Malwarebytes has released version 4.0 of their flagship antivirus product and with it comes a new scanning engine, a new user interface, threat statistics and more.

At this time, Malwarebytes 3.x is not automatically upgrading to Malwarebytes 4.0. If you wish to upgrade to this new version, you will need to download the installer directly from the Malwarebytes site.

Below we will take a look at what has changed in this new version.

A look at the new interface

The biggest change users will experience is the new user interface. With Malwarebytes 4.0, the main sections consisting of the quarantine, scanner, and real-time protection settings are clearly shown on the dashboard.


Clicking on a section will cause a flyout overlay to appear where you can change settings, view the quarantine, or perform a scan.

Of all the sections, the Real-Time Protection screen has changed the most. In this section, users can now easily manage the different protections, but also see stats on the malicious sites, ransomware, exploits, or malware and PUPs that Malwarebytes 4.0 has prevented.

In addition, this section will also display the latest posts from the Malwarebytes blog.

Malwarebytes Protection Settings

Other than that, the rest of the sections contain the same functionality as the previous version.

Scanner section

Under the hood

Malwarebytes 4.0 comes with a new scanning engine called "Katana" that includes the following features:

  • Improved zero-hour detection – pinpoints new threats as they arise and before they can wreak havoc on your device
  • Expanded malware detection – blocks even more malware for improved protection
  • Signature-less behavioral detection – identifies the latest variants of dangerous malware families that attempt to evade traditional signatures through runtime packing, obfuscation and encryption, offering instant protection against new threats that traditional AV has a hard time detecting

With this release, Malwarebytes considers itself an antivirus replacement and will now register itself with the Windows Security settings as the primary antivirus solution on the computer. This makes it easy to manage from Windows and will allow Windows 10 to alert you if the real-time protection feature is disabled.

Windows Security

Unfortunately, for users running Windows XP or Windows Vista, Malwarebytes 4.0 will no longer work on those operating systems. If you are running Windows XP or Vista, you can continue using Malwarebytes 3.x, which will be supported for the foreseeable future.

In full disclosure, BleepingComputer is an affiliate of Malwarebytes.
