Android non-removable Trojan Xiny infects half a billion devices: here's how to remove

Xiny, known as Android.Xiny.5260 to cybersecurity experts, counts among the first Trojans which makes it read-only

Malware is just another form of applications with a different agenda. Crafted usually to lure users in one way or another, these apps often camouflage as legitimate apps or hide in such a way that they can't be removed from the system even if you want them uninstalled. Take Xiny for example, an Android Trojan which has been there since the year 2015 and is still alive and kicking. It has millions of victims who are entirely unaware of its existence or its hidden agenda.

Recent research by cybersecurity company Dr Web has said that Xiny, known as Android.Xiny.5260 to cybersecurity experts, counts among the first Trojans, which makes it read-only. Simply put, a read-only system file allows you to read but never lets you modify or delete the data. The Xiny Trojan, however, lets the victims delete the app data. Still, the APK installer file remains intact in the system to do the job for the malware author.

Found in 2016?
The Dr Web researchers claimed the Trojan has existed in the Android arena since 2016. But even after tracking the Trojan in tens of millions of Android devices, they were unable to disinfect all of them since the process requires root-level administration access.
Affected Android version
Interestingly, Xiny Trojan is capable of infecting Android devices running on Android 5.1 Lollipop and below. Though most of the readers of this article are out of the list, there are still millions of affected devices. According to a May 7, 2019, survey by Google, there are 25.1% Android users out there, using smartphone running on Android 5.1 or below.

In the same report, Google put the total number of Android users in the world at around 2.5 billion, which means almost half a billion devices are still infected with Xiny Android Trojan.

How Xiny Works
The Dr Web analysis found that the Trojan is capable of installing apps in the victims' devices without seeking any permission. In the process, the malware author makes massive money from pay-per-install referral programs just by installing numerous apps in the device. Once Xiny installs itself in a device, it connects back to its control server and installs tons of unwanted apps in the victims' phones and makes the devices snail slow.

How to get rid of it
The article has explained that Xiny affected devices can only be saved by flashing the system installed ROM with the official firmware. In other words, upgrade of your device Android version is possible. However, you should take a complete backup of the system before doing it, since the flashing process wipes entire internal storage, including your files, images, videos, and so on.

android malware attacks
Representative Image: A 3D printed Android logo is seen in front of a displayed cyber code in this illustration taken 22 March 2016 Dado Ruvic/Illustration/Reuters
READ MORE