Android: a virus that can’t be deleted has been discovered

Xiny is an Android virus that doesn't allow the user to delete it from the smartphone. Here's what you risk and how to defend yourself.

It had not been seen since 2016, but according to what Dr Web discovered, it appears to have been back in action in recent months. This is the dangerous Xiny virus, first intercepted by the cybersecurity company in 2015 and again in late 2019. It has a nasty peculiarity: you cannot delete it.

The trick Xiny uses is simple: it adds the "read only" attribute to the APK file that contains it. This way, even if the user deletes the app that carried it, the app (and with it the virus) is reinstalled the next time the smartphone is started. When Xiny first appeared, Dr Web solved the problem by having its antivirus ask the user for root permissions and, once these were granted, removing the read-only attribute from the APK file. The issue seemed to be resolved, but now Xiny is back. The modus operandi appears to be unchanged, and the way the virus makes money for its creators seems identical as well.

Vintage malware

The most interesting thing about Xiny is that it specifically targets smartphones running old operating systems: it only comes into action on Android 5.1 or earlier. What sense does it make, in late 2019, to reactivate malware that only works on pre-2015 operating systems? It makes a lot of sense, according to Google's own data, which indicates that at least a quarter of Android smartphones around the world still run version 5 or earlier of the operating system. And since these smartphones no longer receive any official support or security patches from manufacturers, for malware creators they are a veritable prairie where they can graze in peace.

What Xiny does

At least in this 2020 version, Xiny does not seem to be particularly dangerous, just very annoying. Once it takes over the device, it apparently just downloads more apps without the user's permission: tons of non-dangerous but totally useless software end up on the smartphone. That is exactly how the developers of this malware manage to make some money out of a myriad of old, and now insecure, Android devices. However, and this is the worst part, the affected smartphones can become so overloaded with useless apps that they eventually run out of space and resources and become unusable.