Originally posted on androidpolice.
Is it really a virus or another type of malware? Let’s fix it anyway
Mobile viruses are unheard of, compared to computer viruses, and internet users have long argued over their existence. While your phone can fall prey to malware, it’s unlikely that it’s a virus. Android phones are more exposed to malware than iPhones because of their open source operating system (OS). Downloading files from anywhere on the internet is a perk, but just this once, Apple users are lucky not to have it.
Your phone can pick up malware from third-party websites, apps, or strange email and text message interactions. There are some indications when it’s infected, ranging from slow performance to excessive data consumption. But sometimes, faulty hardware and bugs may be responsible, so it’s hard to know for sure. If your phone has come down with a bad case of malware, here are some effective methods to diagnose and remove it quickly.
Can phones get viruses?
Phones can get many types of malware, ranging from Trojan horses to spyware. There have been online debates over whether a virus is one of them. But you need to understand the difference between malware and a virus to determine the answer.
Malware is an umbrella term for any malicious program or software that enters your device without consent, disrupts its normal operation, and causes damage or steals sensitive information. Although mobile and computer malware have these traits in common, two other things separate them: replication and intent.
A virus is one type of malware that attaches itself to a program, which can be a document, application, or media file. It remains dormant until you open these files, then begins making copies of itself to spread to other programs. When you send infected programs to another computer, the virus continues to branch out throughout the system, and the pattern doesn’t end until you forcefully remove it and all affected files. The intent is to corrupt, delete, encrypt, control, or destroy files and systems.
The mobile malware we often confuse as viruses are mostly Trojan horses, spyware, and worms. Worms are the closest lookalikes to viruses as they can spread. However, they don’t need a host program. After entering your phone, they can actively deal damage without you opening anything. As for Trojan horses, they can’t self-execute, nor can they replicate. Malware is usually a door opener for its developers to steal profitable information.
Even though it’s rare for your phone to contract a virus, malware may open a backdoor for one to come in eventually. If you jailbreak your phone, it makes the process easier. Although mobile malware is not as aggressive as its virus counterparts, it is annoying. Examples of some that have attacked phones in the past include:
- Cabir: The first recorded mobile worm on Symbian phones in 2004. It displayed the word “Caribe” on screens and was able to spread via Bluetooth signals. But it was harmless.
- OpFake: A Trojan horse that secretly sends multiple text messages and asks for administrator rights to your device.
- Android/Filecoder.C: A ransomware that appeared in 2019. It locks your files and forces you to make a payment to access them.
- Loki Bot spyware: A Trojan horse that steals usernames and passwords, among other credentials.
Your phone’s vulnerability to malware depends on your device’s OS. According to Kaspersky, most malware is designed to attack any widely used OS that has many vulnerabilities. Android phones are an example because of their open source OS. You can install unknown apps and media files from many third-party sources when the Google Play Store doesn’t have them. Google deactivates this privilege by default, but you can turn it on if you accept the risks.
If you’re unlucky, you could introduce Trojan horses into your phone when downloading content from a malicious website, for example, torrenting and modded app websites. To Apple, malware doesn’t exist. Its closed ecosystem prevents users from installing third-party apps, which means you’re restricted to what Apple has screened, approved, and made available on its App Store or supported devices.
Common signs that you have malware on your phone
Below are regular signs to look out for when diagnosing malware on your phone:
- Frequent app crashes: App crashes are inevitable. But if more apps are closing unexpectedly or not functioning properly, there may be malware at work.
- Increased data consumption: Infected apps run in the background, consuming more data. You can force close them or wipe their storage data, but this solution is temporary. All background processes resume when you reopen the app.
- Unexplainable spam texts: Malware can send links via emails or texts to your contacts to bait them. Hackers may also use them to make purchases without your knowledge. You may notice these suspicious transactions in your bank statement or receive the receipts via email.
- Quick battery drain: Since infected apps run in the background without your knowledge, they can strain your battery life.
- Overheating: Infected background apps consume RAM. Your phone may struggle to perform other tasks at once, causing its temperature to run hot quickly.
- Ad floods & hijacked browsers: When adware corrupts your device, it may control your browser, redirect you to different web pages, install unauthorized extensions, and target you with many ads.
- Google signs you out: When Google detects malware on your device, it automatically removes your accounts and displays an alert. The headline reads, “You have been signed out for your protection.” You’ll see recommendations to restore your accounts.
- Strange apps appear: New apps suddenly appear on your phone, and you don’t remember installing them.
Scan and remove malware
McAfee security powers the latest Samsung smartphones, and you can check for viruses with the inbuilt scan tool. Other devices can use Google Play Protect. We explain how to use it later in this article. Also, you can download free scanners and antiviruses from the Google Play Store. While “free” is tempting, they offer fewer security features than the paid versions and sometimes display false positives when scanning for malware.
Alternatively, boot your phone into Safe mode. Safe mode launches a version of your phone that only runs system apps. This way, you can use it as if it were factory reset and observe if an issue is from the device or the apps you recently installed. After making a diagnosis, uninstall the apps and turn off Safe mode. The steps to launch it may vary depending on your device’s model and OS.
Scan and remove malware on Samsung phones
- Go to Settings > Battery and device care.
- Select Device protection.
- Tap Scan phone. McAfee checks every app for threats. If found, follow the prompts to remove them.
Remove malware in Android safe mode
- Hold the power or lock button on the side of your phone. Alternatively, swipe down on your phone screen with two fingers. Then tap the power icon.
- Power off > Safe mode
- Observe your device. If it works normally, begin deleting the suspected apps. Long-press their gray icons, then tap Uninstall.
- Safe mode is on
Uninstall infected apps
Besides safe mode, you can uninstall apps the normal way to remove malware. This process wipes all data associated with the app, including saved login details and caches. For the best results, delete apps one at a time, then restart your phone after every deletion. This way, you’ll know which app caused it to malfunction and avoid deleting others unnecessarily.
You may find it difficult to uninstall certain infected apps. When you try to do it, your phone notifies you that the package is a device administrator. Admin apps can erase data, lock your phone, and change your lock type, among other rights. Not all apps have this permission setting, but it’s worth checking to see that you haven’t accidentally enabled one.
Follow the steps below to remove device admins and permanently uninstall them.
Remove apps as admins
- Go to Settings > Security and privacy.
- Tap Other security settings.
- Select Device admin apps.
- Tap an app. Then select Deactivate.
Once you’ve stripped an app of its admin privileges, uninstall it again.
Uninstall apps on Android phones
- Long-press an app from your homescreen or app menu.
- Select Uninstall.
- Tap OK to confirm the action.
- Restart your device.
Clear your browser’s cache
Applications store website caches to load them quicker each time you revisit. Clearing them doesn’t affect existing issues, but it’s a good idea after a malware cleanup. You want to make sure you’ve erased every connection between your phone and malicious websites. You can either clear the app cache or clear cached data within the app. Do both to be on the safe side.
Once that’s done, clear browser cookies next. If you accept, websites store them on your device to monitor your online activity and remember key information about you, such as your login details. Hackers may use them to enter your account as you and steal sensitive data if you don’t wipe them. A harsher solution is to delete the browser app’s storage data. While this choice erases caches and cookies simultaneously, it also means you’ll lose your browsing history, download records, and shortcuts.
Enable Google Play Protect
Google Play Protect scans every app you install regardless of where you download them from. It also runs periodic checks on your phone’s security. On detection, Play Protect either notifies you to uninstall malicious apps or it automatically removes them and informs you afterward. To turn the feature on, follow the steps below:
- Open Google Play Store.
- Tap your profile icon in the upper-right corner.
- Select Play Protect from the menu options.
- Tap Turn on to enable the feature, and begin a scan.
Update your phone’s OS
Updating your phone to the latest OS version improves its functionality and compatibility with apps and other devices. You’ll also patch issues that cause it to malfunction and receive interesting new features. If you root your device, you may void your warranty and lose access to further updates and security features. According to Google’s support page, you can regain them if you reinstall the original Android OS for your device.
Typically, you’ll receive a notification when an update is available. But if you don’t, check for software updates in the settings menu.
Factory reset your phone
When you perform a factory reset on your phone, it deletes every setting, file, or app, returning the device to its original state before unboxing and activation. You should only consider it if all other steps fail to remove the malware. A backup should save you from data loss, but there’s a chance that you could upload corrupted data to the cloud. When you restore them, the malware reinfects your phone and renders the factory reset pointless.
If you need those files, use an extraction or recovery tool to separate the data from the virus. However, it’s not a solution we recommend, as you still need to download the tool from a third-party source.
Protect your phone with the best antivirus practices
Permanently removing a virus from your phone is one success. It will be short-lived if you continue harmful practices that endanger your phone. Moving forward, avoid suspicious websites, apps, and links from untrusted sources. Some websites don’t need you to download anything and may use keystroke logging to steal sensitive information when you type. If you fear that your privacy has been compromised, here are some tips to protect your phone.
Change your passwords
Your Google account connects several tools containing sensitive data, from Drive to Docs and Sheets. In the wrong hands, your password is the key to losing all that data. Make sure to change your Google password immediately after tackling malware.
Reset your network settings
Resetting your network settings removes every Wi-Fi network username, password, and setting from your phone. It also erases Bluetooth, VPN, and local history settings. If you shared a connection with a suspicious device previously, the reset terminates automatic reconnections in the future and prevents them from sending corrupt files to your phone without authorization.
Avoid suspicious apps and platforms
Asking you not to download third-party apps will most likely go unheeded. So if you must, thoroughly research the platform you’re downloading them from. Check the reviews and ratings. If they have none or few, avoid them.
Some malware may disguise itself as legitimate apps or hide inside phone cleaners or optimizers. Modern Android phones provide different ways to free up your storage, so you don’t need such apps.
Manage permissions and access
Malware can hide inside your phone for months, and antiviruses won’t detect it. So you shouldn’t rely on scans for security. Though you can’t have constant and all-around sight on background processes, you can manage what apps can or can’t access on your device. An often overlooked feature is the clipboard alert that could help you combat keystroke logging. It tells you when an app wants to copy text, images, or other content from your keyboard.
To manage permissions, go to Settings > Security and privacy > Privacy > Permission manager. Then review each category and what apps can access it.
To enable clipboard alerts, go to Settings > Security and privacy > Privacy. Then tap Alert when clipboard accessed.
Back up your data
A phone backup works best if you do it before a malware attack, not after. Hence, it’s important to do it regularly. This way, you can factory reset your device without second thoughts and recover your files easily.
You can use one of the numerous cloud storage options for free and sync across your computers and tablets.
A malware attack can happen to anyone
Google’s free and flexible Android OS allows users to enhance hardware capabilities on their own and collaborate from anywhere in the world. However, it doesn’t come without sacrifices. An open source ecosystem means having vulnerabilities that hackers are hungry to exploit. It’s why many people prefer Apple’s top-notch security system and tag Google products as unsafe.
But it’s not as scary as it sounds. On your first use, your Android phone’s safety features are activated. You can’t download from untrusted sources unless you turn off the settings or jailbreak your phone. Even your Chromebook is an impregnable fortress unless you go out of your way to remove all its security features. Ultimately, it’s up to you to take caution when exploring the web and its contents.