
posted by Fnord666 on Wednesday April 08 2020, @07:57PM
from the rooted-in-your-phone dept.

Arthur T Knackerbracket has found the following story:

An Android malware package likened to a Russian matryoshka nesting doll has security researchers raising the alarm, since it appears it's almost impossible to get rid of.

Known as xHelper, the malware has been spreading mainly in Russia, Europe, and Southwest Asia on Android 6 and 7 devices (which while old and out of date, make up around 15 per cent of the current user base) for the past year from unofficial app stores. Once on a gizmo, it opens a backdoor, allowing miscreants to spy on owners, steal their data, and cause mischief.

It has only recently been picked apart by Kaspersky Lab bods, and what makes the malware particularly nasty, the researchers say, is how it operates on multiple layers on the tablets and handsets it infects.

"The main feature of xHelper is entrenchment," explained Igor Golovin on Tuesday. "Once it gets into the phone, it somehow remains there even after the user deletes it and restores the factory settings."

[...] The best thing to do, though, is go a step further than a factory reset, and erase the flash memory completely, including the system partition, and put in a fresh clean copy. "If you have Recovery mode set up on your Android smartphone," said Golovin, "you can try to extract the libc.so file from the original firmware and replace the infected one with it, before removing all malware from the system partition. However, it’s simpler and more reliable to completely reflash the phone."

Even better advice is to avoid downloading any suspicious apps from the Google Play Store, just to be safe, and definitely don't use unauthorized third-party stores at all.
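As an added illustration of the recovery step Golovin describes (this is not code from the article or from Kaspersky): a script that builds a hash manifest from the /system tree of the original firmware and checks a copy pulled from the device against it, so a responder can see which files were tampered with (such as libc.so) and which the firmware never shipped. The directory layout and the sample trees below are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: check a device's /system dump against the vendor firmware.
# Assumptions: the reference dir is /system extracted from the original
# firmware image; the device dir is the same tree pulled from the handset.
set -u

# SHA-256 of one file (sha256sum on Linux, shasum fallback elsewhere).
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}
# Sorted relative paths of every regular file under a directory.
list_files() {
  (cd "$1" && find . -type f | sed 's|^\./||' | LC_ALL=C sort)
}
# Build a "<sha256>  <relative path>" manifest from the known-good tree.
build_manifest() {
  list_files "$1" | while IFS= read -r f; do
    printf '%s  %s\n' "$(hash_file "$1/$f")" "$f"
  done
}
# Compare a device dump to the manifest, one finding per line: MODIFIED
# (content differs, e.g. a patched libc.so), MISSING, or EXTRA (on the device
# but never shipped in the firmware, e.g. a dropped APK).
check_device() {
  manifest="$1"; dev="$2"
  while read -r want path; do
    if [ ! -f "$dev/$path" ]; then echo "MISSING $path"
    elif [ "$(hash_file "$dev/$path")" != "$want" ]; then echo "MODIFIED $path"
    fi
  done < "$manifest"
  # Column 67 onward is the path (64 hex chars + two spaces); -x = whole line.
  list_files "$dev" | while IFS= read -r f; do
    cut -c67- "$manifest" | grep -qxF -- "$f" || echo "EXTRA $f"
  done
}
# Constructed sample trees: a pristine "firmware" and a "device" copy whose
# libc.so was altered and which carries an extra APK. Prints the temp root.
make_sample() {
  root="$(mktemp -d)"
  mkdir -p "$root/firmware/system/lib" "$root/device/system/lib" "$root/device/system/app"
  printf 'pristine libc\n' > "$root/firmware/system/lib/libc.so"
  printf 'pristine libm\n' > "$root/firmware/system/lib/libm.so"
  printf 'pristine libc + injected loader\n' > "$root/device/system/lib/libc.so"
  cp "$root/firmware/system/lib/libm.so" "$root/device/system/lib/"
  printf 'unknown payload\n' > "$root/device/system/app/dropper.apk"
  echo "$root"
}
# Demo: r=$(make_sample); build_manifest "$r/firmware" > m.sha256; check_device m.sha256 "$r/device"
```

Run the demo line on the constructed trees and it reports libc.so as MODIFIED and the dropped APK as EXTRA; on a real device the same manifest tells you whether replacing libc.so alone is enough or a full reflash is needed.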


  • (Score: 4, Insightful) by Runaway1956 on Thursday April 09 2020, @01:17AM (4 children)

    by Runaway1956 (2926) Subscriber Badge on Thursday April 09 2020, @01:17AM (#980463) Journal

    Open source, Linux, yada yada yada. Except, it isn't. Imagine if you purchased a desktop, a server, or a laptop, with some Unix-like preinstalled, and you couldn't switch to another OS, you can't install or uninstall anything. And, you can only grab updates (if any) from the vendor's own site.

    That ain't Linux, and that ain't open source.

    Blame Google, blame the manufacturers, blame the telcos. They are all party to the current situation, where the end purchaser doesn't really own his phone.

  • (Score: 1, Insightful) by Anonymous Coward on Thursday April 09 2020, @02:27AM (3 children)

    by Anonymous Coward on Thursday April 09 2020, @02:27AM (#980481)

    I love all the posts and sites that say "just root your device".
    Can you afford to brick a computer worth hundreds? I don't know about anyone else, but my other half would be pissed.

    • (Score: 2) by Runaway1956 on Thursday April 09 2020, @05:26AM (1 child)

      by Runaway1956 (2926) Subscriber Badge on Thursday April 09 2020, @05:26AM (#980504) Journal

      Exactly. I do crazy stuff with my own hardware, but it's "hands off" of the wife's stuff. Yeah, it's actually pretty easy to root a phone - except if you screw it up. And, I've actually screwed it up. So, to preserve peace in the family, I don't mess with her stuff.

      • (Score: 2) by sjames on Thursday April 09 2020, @12:35PM

        by sjames (2882) on Thursday April 09 2020, @12:35PM (#980553) Journal

        That's the thing with smartphones, they make them such that you can really brick it. It's hard to brick a PC without opening it up and physically manipulating the hardware in bad ways. You might wipe all your data, it might not even boot, but given an install disk, the PC itself isn't bricked.

        There are even mainboards with two copies of the BIOS so you can recover if you mess one up, then flash the corrupted image back to factory and safely try again.

    • (Score: 0) by Anonymous Coward on Thursday April 09 2020, @02:19PM

      by Anonymous Coward on Thursday April 09 2020, @02:19PM (#980571)

      TWRP [twrp.me]
      NANDROID Backup [gadgethacks.com]
      Custom Roms [xda-developers.com]

      And you're welcome.