Skip to main content

Android malware keeps returning even after factory reset through Google Play

Cybersecurity firm Malwarebytes revealed a form of Android malware that keeps returning even after performing a factory reset on a smartphone.

Recommended Videos

Malwarebytes discovered the Android trojan named the xHelper in May 2019. The malware is capable of installing itself on an Android device without notifying the owner, then receives remote commands and downloads additional malware into the infected smartphone or tablet.

Please enable Javascript to view this content

Unfortunately, it appears that xHelper is still evolving. Amelia, an Android device owner, reached out to the Malwarebytes support forum to seek help for a curious case.

Amelia was able to remove two variants of xHelper and a trojan agent from her Android device through Malwarebytes’ app. However, xHelper kept coming back less than an hour after it was removed, even after Amelia performed a factory reset on her phone.

In Malwarebytes’ investigation, the first suspect for the returning xHelper was pre-installed malware, which was a possibility because Amelia’s phone was made by an unnamed, lesser-known manufacturer. However, after Amelia was guided through the process of checking if this was the case, xHelper did not go away.

Malwarebytes then noticed that the source of installation for xHelper was Google Play. When the service was deactivated, the re-infections of the malware stopped.

The firm determined that Google Play itself was not infected with malware, but it was triggering the re-installation of xHelper. They then discovered an Android application package hidden inside the phone’s files that serves as a trojan dropper. Directories and files, including the APK, remain on an Android device even after a factory reset, unlike apps, which is how xHelper keeps infecting the phone. The method for installing the APK through something triggered by Google Play, however, is still under investigation.

Malwarebytes, which detailed a step-by-step guide for removing xHelper malware, tagged Amelia’s case as a “new era in mobile malware,” as a factory reset is usually the last, but effective, option in cleaning an infected device. Fortunately, Amelia “was as persistent as xHelper itself” in searching for the truth behind the case.

Hackers are continuously evolving, taking advantage of technology and current events for their attacks. As always, people should remain vigilant against cybersecurity threats and are recommended to reach out to experts for any suspected security risks.

Aaron Mamiit
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
Upcoming OnePlus Watch 3 might have a rotating crown
Third part watch face on OnePlus Watch 2r.

After a less-than-exciting launch with the OnePlus Watch 2, it's time for a change — and hopefully, a wearable that more closely matches modern devices. We expect the OnePlus Watch 3 to release on January 7, but now new details suggest it might come with a rotating crown.

This update is a big win for OnePlus Watch fans. The crown has been a long-requested feature that will make it easier to navigate through the interface, and improved sensors give access to ECGs and other features that were missing in the previous generation, according to Yogesh Brar.

Read more
Google proposes big changes for the future of Search and Android apps
Google Chrome on an Android phone.

Google’s ongoing antitrust tussle spawned a list of sweeping policy suggestions — including a proposed sale of the Chrome business — by the Department of Justice. The focus of the lawsuit centers on the Search monopoly, but it has serious ramifications for Android and the overall browser situation.

Now, Google has shared its own “remedies proposal” to the DOJ’s recommendations, which it claims are going “far beyond what the Court’s decision is actually about.”

Read more
Gemini brings a fantastic PDF superpower to Files by Google app
step of Gemini processing a PDF in Files by Google app.

Google is on a quest to push its Gemini AI chatbot in as many productivity tools as possible. The latest app to get some generative AI lift is the Files by Google app, which now automatically pulls up Gemini analysis when you open a PDF document.

The feature, which was first shared on the r/Android Reddit community, is now live for phones running Android 15. Digital Trends tested this feature on a Pixel 9 running the stable build of Android 15 and the latest version of Google’s file manager app.

Read more