Login

**sidemoon** · 04-18-2020 , 03:43 PM

Quote: The precise cause of the reinfections stumped researchers for months.

In February, a researcher detailed a widely circulating Android backdoor that’s so pernicious that it survives factory resets, a trait that makes the malware impossible to remove without taking unusual measures.

The analysis found that the unusual persistence was the result of rogue folders containing a trojan installer, neither of which was removed by a reset.
The trojan dropper would then reinstall the backdoor in the event of a reset. Despite those insights, the researcher still didn’t know precisely how that happened.

Now, a different researcher has filled in the missing pieces. More about that later. First, a brief summary of xHelper.

A backdoor with superuser rights

Continue reading here:
https://arstechnica.com/information-technology/2020/04/solved-how-android-backdoor-called-xhelper-survives-factory-resets/

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	New SideWalk Backdoor Targeting U.S. Computer Retailers	mrtrout	0	1,391	08-27-2021 , 01:22 AM Last Post: mrtrout
	Audacity 3.0 called spyware over data collection changes by new owner	mrtrout	0	1,129	07-06-2021 , 12:30 AM Last Post: mrtrout
	Researchers Warn of Facefish Backdoor Spreading Linux Rootkits	mrtrout	0	823	05-28-2021 , 10:58 PM Last Post: mrtrout
	Bizarro Banking Trojan Sports Sophisticated Backdoor	Bjyda	0	775	05-23-2021 , 09:22 PM Last Post: Bjyda
	Palo Alto firewall software vulnerability quartet revealed	Bjyda	0	676	02-13-2021 , 09:59 PM Last Post: Bjyda