At least 45,000 Android-equipped devices have been infected by the "unremovable" xHelper app. Cybersecurity firm Symantec says it infects an average 131 users per day, mostly in the U.S., Russia and India.
Symantec first noticed xHelper this past March. The malware acts as a trojan, spoofing legitimate apps and redirecting users to sites outside Google's official Play Store. xHelper will not only spam users with pop-up ads, but reinstall itself if deleted — even after a factory reset.
There is a silver-lining, though — security companies like Symantec and Malwarebytes say xHelper doesn't carry any destructive properties or compromise a user's privacy. But xHelper isn't the only malware that's raising concerns about Android's security.
And recently, Forbes reported that a keyboard app developed by an Israeli firm had made millions of unauthorized purchases before it was removed from the Play Store in June.
Google has said it continues to police and remove apps, like xHelper, that violate its terms and conditions.