Security researchers have again warned about xHelper, a malicious program that is difficult to remove. Over the past year, xHelper has spread primarily through third-party app stores to devices running Android 6 and 7 in Russia, Europe and Southwest Asia. Once installed, it is difficult to uninstall, and it persists even after the device is restored to factory settings.
Once installed on the device disguised as a legitimate app, it downloads one Trojan to collect information over the Internet, then downloads another Trojan, and then uses a set of exploits to obtain root permissions on the device.
This set of exploits primarily targets Chinese-made Android 6 and 7 devices. Once it has root permissions, the malicious program mounts the operating system partition with write access enabled and changes the mount() function code to prevent itself from being deleted.
Completely removing xHelper may require completely erasing the files on the device and reinstalling a clean version; resetting to factory settings cannot eliminate it.