'Unkillable' Android malware gives hackers full remote access to your phone


Security experts are warning Android users about a particularly nasty strain of malware that's almost impossible to remove.

Researcher Igor Golovin from Kaspersky has written a blog post explaining how the xHelper malware uses a system of nested programs, not unlike a Russian matryoshka doll, that makes it incredibly stubborn.

The xHelper malware was first discovered last year, but Golovin has only now established exactly how it gets its claws so deeply into your device, and how it reappears even after a system restore.

Although the Google Play Store isn't foolproof, unofficial third-party app stores are much more likely to harbor malicious apps. App-screening service Google Play Protect blocked more than 1.9 million malware-laced app installs last year, including many side-loaded or installed from unofficial sources, but it can't catch everything.

xHelper is often distributed through third-party stores, disguised as a popular cleanup or maintenance app that claims to boost your phone's performance. Once installed, it is amazingly stubborn.

In too deep

When the malware is first installed, it downloads a 'dropper' trojan, which collects information on your device and installs another trojan. That second trojan then downloads exploit code that gives it root access to your device, where it can cause whatever mayhem its creators see fit.

Removing the infection is extremely difficult. All these downloads are hidden deep in the system files, making them hard to find, and the dropper that's installed in the system partition can start the process all over again even after a factory reset.

Golovin advises reflashing the phone, but warns that sometimes the factory-installed firmware might contain xHelper, in which case there's very little you can do. "If you do use a different firmware, remember that some of the device’s components might not operate properly," he advises.

"In any event, using a smartphone infected with xHelper is extremely dangerous. The malware installs a backdoor with the ability to execute commands as a superuser. It provides the attackers with full access to all app data and can be used by other malware too, for example, CookieThief."

Cat Ellis
Homes Editor
