SANTA CLARA, CALIFORNIA — Researchers at cybersecurity firms Malwarebytes and Symantec have uncovered an Android trojan called xHelper that is able to reinstall itself even after users have uninstalled it.
According to Symantec, the malware has already infected more than 45,000 devices, mainly in the U.S., India and Russia, over the last six months.
Malwarebytes explained in a blogpost that the malware is installed through web redirects that take users to web pages that host unofficial Android apps.
These unofficial apps include code that installs the xHelper trojan onto a users' phone once these apps have been downloaded.
The malware shows users popup ads and notification spam, though it doesn't seem to carry out any sketchy operations, according to Malwarebytes.
The ads and notifications lead users to Google's Play Store where they are asked to download more apps — a method by which authors of the xHelper trojan earn money each time these apps are installed.
Even if users restore their Android phones back to factory settings or manually uninstall the malware, the xHelper trojan is able to reinstall itself.
Some users have said even after disabling the "Install apps from unknown sources" option after manually uninstalling the app, their device was reinfected with the malware in a matter of minutes, according to ZDNet.
Symantec advised users to take precautions and not download apps from unfamiliar sites and to only install apps from trusted sources.
The company also advised users to pay close attention to permissions the app is seeking, backup important data frequently and install a suitable mobile security app to protect their device.