With the widespread use of smartphones and the Internet, hackers turned their aspects from smartphones to smartphones. Hackers who developed malicious software for mobile devices by developing themselves, managed to carry out attacks that force consumers in this area. One of the most popular malware of hackers in recent times has appeared as “xHelper”. xHelper has been spoken since the first days of 2020. This malware was so powerful that it was not a cure even if the Android phones infected with the software were returned to their factory settings. Of course, such powerful malware has not been overlooked by cyber security experts, and Kaspersky has worked on xHelper for a long time. The work has finally yielded results and how xHelper works. Research by the Kaspersky team has revealed that this malware is especially effective on Android 6 and Android 7 versions. According to research, xHelper was downloading a rootkit to the phone. This download was placed in the root files of the operating system installed on the phone, so xHelper continued to be threatening even if the phone was formatted. Research by cyber security experts reveals that xHelper, which has managed to infiltrate root files of Android, is read-only during normal system operation, that is, it is not affected by changes in the phone. However, xHelper did not only do these things, but gave special permission to the folders in which it was written. The application, which also made changes to Android libraries, was able to delete system-friendly applications from the phone. Research shows that Android’s open-source structure puts honey on xHelper’s bread. Because technology manufacturers can create their own custom version interfaces by customizing raw Android, which makes xHelper’s job easier if enough security improvements are not made. Cyber security experts say either reliable Android versions should be used or the phone needs to be replaced. xHelper has affected nearly 45 thousand Android devices to date. The vast majority of these devices were either using older Android versions or using 3rd party interfaces created by various developers. Although cyber security experts have discovered how this malware works, xHelper threatens Android users even today and it is not yet known how to get rid of this malware.