The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Android ROM

Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset

Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset

April 07, 2020Mohit Kumar
Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unfold how the malware survives factory reset and how it infected so many devices in the first place. In a blog post published today, Igor Golovin, malware analyst at Kaspersky, finally solved the mystery by unveiling technical details on the persistence mechanism used by this malware, and eventually also figured out how to remove xHelper from an infected device completely. As the initial attack vector and for distribution, the malware app disguises itself as a popular cleaner and speed optimization app for smartphones — affecting mostly users in Russia (80.56%), India (3.43%), and Algeria (2.43%). "But in reality, there is nothing useful about it: af
Google Makes it Mandatory for OEMs to Roll Out Android Security Updates Regularly

Google Makes it Mandatory for OEMs to Roll Out Android Security Updates Regularly

May 11, 2018Mohit Kumar
Security of Android devices has been a nightmare since its inception, and the biggest reason being is that users don't receive latest security patch updates regularly. Precisely, it's your device manufacturer (Android OEMs) actually who takes time to roll out security patches for your devices and sometimes, even has been caught lying about security updates , telling customers that their smartphones are running the latest updates. Since Google did not have direct control over the OEM branded firmware running on billions of devices, it brought some significant changes to the Android system architecture last year with Project Treble gain more control over the update process. Although Google and device manufacturers have made some progress in the past year, the problem with the security update remains because of OEMs not delivering all patches regularly and on a timely basis, leaving parts of the Android ecosystem exposed to hackers. But here's good news—starting wi
All OnePlus Devices Vulnerable to Remote Attacks Due to 4  Unpatched Flaws

All OnePlus Devices Vulnerable to Remote Attacks Due to 4 Unpatched Flaws

May 11, 2017Swati Khandelwal
There is a bad news for all OnePlus lovers. A security researcher has discovered four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T, running the latest versions of OxygenOS 4.1.3 (worldwide) and below, as well as HydrogenOS 3.0 and below (for Chinese users). Damn, I am feeling bad, I myself use OnePlus. One of the unpatched vulnerabilities allows Man-in-the-Middle (MitM) attack against OnePlus device users, allowing a remote attacker to downgrade the device's operating system to an older version, which could then expand the attack surface for exploitation of previously disclosed now-patched vulnerabilities. What's even worse? The other two vulnerabilities also allow an MitM attacker to replace any version of OxygenOS with HydrogenOS (or vice versa), as well as to replace the operating system with a completely different malicious ROM loaded with spying apps. The vulnerabilities have been discovered by Roee Hay of Aleph Research, HCL
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.