Android malware is often deceptive. A mobile app called Ads Blocker, for example, promised to remove pesky ads from your phone, which sometimes pop up to cover your screen just when you’re about to access something important. But people quickly found the app was nothing less than malware that served up more ads, according to security researchers.
It’s just one example of malware that can frustrate Android phone users, plaguing them with ads that the creators get paid to display, even when they’re looking at unrelated apps. Malware often also harvests fake clicks on the ads, doubling up on the value for the makers.
“They’re making money,” said Nathan Collier, a researcher at internet security company Malwarebytes who helped identify the bogus ad blocker in November, “And that’s the name of the game.”
Malware can be disorienting, getting in the way of how you normally use your phone and making you feel uneasy even if you aren’t sure what’s causing the problem. It’s also common. Malwarebytes says it found close to 200,000 total instances of malware on its customers’ devices in May and then again in June.
So how do you know if you have malware on your phone, and how can you stop it? Here are some takeaways from mobile malware experts on what you can do.
How malware on your phone works
Mobile malware typically takes one of two approaches, said Adam Bauer, a security researcher for mobile security company Lookout. The first type of malware tricks you into granting permissions that let it access sensitive information.
That’s where the Ads Blocker app fits in, and many of the permissions it requested sound like something a real ad blocker would have needed. But they also let the app run constantly in the background and show users ads even when they were using unrelated apps.
The second type of malware exploits vulnerabilities in phones, gaining access to sensitive information by giving itself administrator privileges. That reduces the need to get users to click “OK” on permissions requests, making it easier for malware to run without users noticing its presence on the device.
Signs of malware on your Android phone
If you notice these things happening, your phone might be infected:
- You’re seeing ads constantly, regardless of which app you’re using.
- You install an app, and then the icon immediately disappears.
- Your battery is draining much faster than usual.
- You see apps you don’t recognize on your phone.
These are all worrying signs that mean you should investigate further.
Ransomware on Android phones
Another type of malware is ransomware. Victims typically see their files locked away where you can’t use them. Typically, a pop-up demands payment in Bitcoin to get them back. Most Android ransomware can only lock up files on external storage, such as photos, Bauer said.
What mobile malware can do to your phone
Besides making you miserable with constant ads, mobile malware can access private information. Common targets include:
- Your banking credentials
- Your device information
- Your phone number or email address
- Your contact lists
Hackers can use this information for a variety of malevolent tasks. They can commit identity theft with your banking credentials. The Anubis banking Trojan, for example, accomplishes this by tricking users into granting it the access to an Android phone’s accessibility features. This, in turn, allows the malware to log every app that you launch and the text you enter, including passwords. After you grant the permission one time, the malware’s activity is completely invisible on-screen, with no sign anything malevolent is happening as you log into your accounts.
Hackers can also use malware to collect and sell your device and contact information, until you’re flooded with robocalls, texts and, oh yeah, more ads; and they can send links for more malware to everyone on your contacts list.
If you suspect your information has already been caught up in the robocall machine, you can see what your phone carrier offers to help keep the annoying phone calls to a minimum. For example, customers of T-Mobile, Sprint and MetroPCS will have access to Scam Shield, a free app announced in July.
How to stop malware on your Android phone
Whether you think you already have malware on your Android device or you just want to protect yourself, there are clear steps you can take.
First, keep your phone’s software updated. Security experts consistently rank a current OS and updated apps as one of the most important steps users can take to protect their devices and accounts. If you already have malware running on your phone, software updates from your phone-maker — say Android 10 or the upcoming Android 11 – can patch vulnerabilities and cut off the access the malicious software enjoyed. Updates can also keep malware from working in the first place.
Removing apps you think are malicious can be tricky. At times you can just remove the app’s permissions, delete the app and be done with it. Other malicious apps will give themselves administrator privileges, so they can’t just be deleted without extra steps. If you have trouble removing a specific app, you can try looking it up online to find what has worked for other people.
You can also consider installing antivirus apps. These services can sometimes slow your phone, and they do have heightened access to your phone in order to spot malicious behavior, so you have to choose one you trust. And you’re likely to want to choose the paid option if you can, both to unlock all the best features and to avoid seeing even more ads.
Still, the apps can warn you about malware on your phone and offer you customer service when you need to deal with something nasty. At the very least, you can use a well-known program like Malwarebytes, Norton, Lookout or Bitdefender to scan your device if you think you already have malware installed.
Finally, you can get rid of or avoid Android apps downloaded from third-party app stores. These apps don’t go through review by Google and can more easily sneak malicious software onto your phone. Google doesn’t catch everything before it gets on your phone, as reports about malicious Android apps being removed show, but sticking to the official Google Play Store — and having a direct outlet to report problems you encounter — is a further line of defense.