NEW DELHI: Cybersecurity firm Symantec has found malware source code indicating that hackers are most likely preparing to attack Reliance Jio users. The malware, dubbed Xhelper, hides on phones and downloads other malicious apps or shows advertisements. “We spotted many classes and constant variables labeled as ‘Jio’. These classes are unimplemented for now but we suspect that the attackers may be planning to target Jio users at a future date,” said the company in an official blog post.
Xhelper is downloaded as an app onto the victim’s phone and then automatically hides itself. The app has not been found in the official Google Play Android app store but was spotted on third-party app stores and other unknown sources. Reliance Jio users are strongly advised not to download random apps or install unknown APK files.
This malware has the ability to reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher. The app has infected over 45,000 devices in the past six months, claims Symantec.
“Once Xhelper gains a foothold on the victim’s device, it begins executing its core malicious functionality by decrypting to memory the malicious payload embedded in its package. The malicious payload then connects to the attacker’s command and control (C&C) server and waits for commands. To prevent this communication from being intercepted, SSL certificate pinning is used for all communication between the victim’s device and the C&C server,” it said.
Symantec recently found that two apps, with a collective download count of approximately 1.5 million, had been stealthily clicking on ads from users’ devices. These apps went unnoticed on the Google Play Store for nearly a year. One is a notepad app called Idea Note: OCR Text Scanner, GTD, Color Notes, and the other is a fitness app called Beauty Fitness: daily workout, best HIIT coach. Both apps have since been removed by Google.