If you ever ran into malware on your desktop computer, you might be familiar with how many issues that can cause for your system. Beyond messing with your PC, malicious software can compromise important data and personal details. Those same threats can still be encountered on a mobile device, especially if you own an Android.
The ideal scenario would be to have some sort of protection set up to prevent any cyber threat from executing on your device. Unfortunately, that is not always the case. If you suspect that your Android has been infected with malware and want to remove the malicious application from your phone, this guide will help you out with that.
What is malware?
Malware is short for malicious software. It refers to any program running on your system that has bad intentions, usually to gain some leverage over you. There are many different forms of malware, such as adware, ransomware, keyloggers, spyware, and many more. If you’re interested in finding out more about the different types of viruses and what they do, we recommend our guide on malware categories.
Symptoms of malware on your device
What matters most in your situation right now is identifying whether your Android system is at risk or not. The following is a list of symptoms that could indicate malware has been introduced into your phone:
- Unknown apps showing up: If you notice one or more applications that you do not remember installing and are not embedded in your system (e.g. Samsung Health on Galaxy devices), that is a sign of suspicion that may require further inspection.
- Higher phone service bills: A common practice by attackers is cooperating with third-party companies that provide shortcodes (usually very short phone numbers like 44312) with premium prices (e.g. $1.99 for one SMS). Attackers gain access to your phone through malware and send several of these messages for a commission. Your service provider (e.g AT&T,Verizon, etc.) then bills you for the costs to those premium numbers who are often disguised as legitimate services. Such attacks can be hard to make out if you don’t regularly check your phone bill transactions.
- Less battery time: Malware running in the background can take up a lot of resources from your hardware, so you are left with less battery percentage to use for important tasks. If the malware is not disguised well enough, you can sometimes directly check for the app that is using up most of your battery in the settings.
- Unstable operating system: If you see any of your apps crashing over and over again, that is another potential sign of malware infection. Malware often consumes CPU resources, corrupts and interferes with files. Therefore Android operating systems, which usually handle Play Store applications pretty well, may have problems running programs and crash entirely.
- Unexpected browser changes: Should you notice your web browser’s homepage change to an unfamiliar one or keep redirecting you to certain websites (especially sketchy ones, e.g. warning you that “(1) virus has been detected on your device”), that may be caused by malware.
- Pop-ups and ads: Adware programs tend to spam your device with pop-ups in order to make advertising money. If you encounter intrusive ads on your phone and browser, immediately investigate further.
How to identify and get rid of a virus on your Android?
Now that you have a better idea of how malware manifests on your phone, the next step is to identify whether the symptoms can be related to something else or if it really is malware that is making the changes on your device.
1. Close unnecessary tabs and clear cache
Sometimes when you have too many tabs open, certain phones (especially the ones on the lower end) can slow down their performance. Cache on the other hand is like the short-term memory of your phone and it holds temporary files. If too many of those files are in your cache currently, your phone may run slower. For Samsung devices go to the Settings app under Device care. There, Samsung will automatically give you the option to optimize your device’s performance.
If you want to clear up more specific space, you can access the Storage and Memory sections of the Device care settings.
Once you clear up as much space on your phone as possible, you should see a difference in your software’s smoothness and performance. If the irregularities in your system still persist, the probability you’re infected with malware is already higher. If not, you should still consult the following steps just in case.
2. Disconnect from your network
When attackers infiltrate your WiFi network, they can drop several malicious files like malware. To prevent the situation from worsening, disconnect from your WiFi. You can typically do that in your phone’s setting under Connections → WiFi and turn off your connection entirely or connect to another known available network (make sure the person or business the network belongs to is fine with you connecting).
Malicious actors compromising your device through a network can happen especially when you are connected to networks you are not familiar with, e.g. public ones that seem legitimate. If you’re not sure if a network is safe, do not connect to it.
3. Activate safe mode
Having safe mode turned on will limit the malware from doing further damage onto your phone, while still being able to operate it. the features you will be able to access will be minimal while you troubleshoot your phone.
In order to turn on safe mode, press and hold down your power button until the power options menu shows up.
Press the power off animation on your display and press and hold the power off button on your display once again.
A green icon should appear. Press it and your phone will reboot in safe mode.
4. Change your passwords and turn on two-factor authentication
Before going ahead and doing anything else, change your passwords to your social media accounts, subscription and streaming services, and other related accounts that contain your current passwords. This is especially important if you use the same password for multiple accounts. If the attacker gets hold of only one of your accounts, he automatically will have access to everything else if you do not use different passwords. If you’re interested in how to create and manage passwords check our guide on password managers.
In order to be on the safest side, enable two-step verification. This will make it harder for intruders to gain access to your Google account, even if they already know what your password is. Google will alert you if that is the case.
On Android it’s most important that you change your Google password. This is probably the most important service on your phone since it’s connected to Gmail, Google Drive, Google Docs, etc. Here’s how to do it:
- In the Google App, tap on your icon in the upper right corner.
- Press the button under your account info that says ”Google Account“
- Under Security, enable 2-Step Verification
- Also under Security, go to Password, where you will be asked to enter a new one. Make sure your new password contains uppercase and lowercase letters, numbers and special characters (e.g. $, %, /, etc.)
5. Look for malicious apps
Now it is time to manually remove potentially harmful apps. Under Settings, scroll down to Apps. In Apps, a list of all of your currently installed applications will be displayed. Look through the list and scan for any unknown or suspicious apps and delete them from your device.
If there are any apps that require excessive permissions (e.g. a mobile game that wants access to your camera, microphone, storage, gallery, etc.), check to see if they are legitimate. Otherwise either take the permissions away or even remove the app entirely. These apps oftentimes use these permissions over your device to spy on you or steal your passwords.
6. Install an antivirus
Some malware is harder or more tricky to get rid of and requires antivirus software. An antivirus is usually the most effective way to rid your phone of malware. There are several decent free options for antivirus software on Android. If you want to find out more about which one is the best fit for you, check out our articles on antivirus.
Download an antivirus from the Play Store. After you install and open the antivirus, you will typically have to give it permission to access your phone. After you have done that, initiate a scan. The antivirus will let you know if there are any threats to your device. Follow the instructions of your antivirus software. This may include deleting apps it considers to be dangerous.
Side note: Some antiviruses have additional features such as phishing-detecting and protection which may interest you, but it is most important that it contains some form of anti-malware.
7. Turn on Play Protect
Play Protect is a powerful tool by Google that gives your Android additional security. You can find it in the Play Store app by clicking the icon at the top right corner.
Scroll down and you should see the Play Protect option. Typically it should be activated and ready to scan.
Otherwise, activate the feature. As soon as you’ve done that, Play Protect will automatically go through scans for you on a regular basis.
Besides scanning for malware that’s already on your device, Play Protect will check apps for malware before you download them and give you warnings about potentially harmful apps.
After you taken all the actions listed above you can restart your phone and turn off safe mode.
Last Resort Solutions
Factory reset: If none of the steps above helped with your malware issue, you might have to consider restarting your phone from the factory settings. Please make sure your data is regularly backed up, since a full reset will erase all of the saved data on your phone, including photos and videos or other important documents. You might also have to contact your bank if you regularly use an online banking app. Here’s how to do it:
Under Settings go to General management.
There, press Reset.
Now tap the Factory data reset button. You will receive a warning before going through.
Contact a professional: Sometimes even a factory reset will not be able to get rid of a virus if it’s deeply embedded into your system. So called rootkits infect your device every time it boots up, even after a factory reset. They interact with your phone’s hardware components and make it very tricky to get rid of them. In this case consider consulting a mobile security expert or firmware engineer.
How to prevent malware from infecting my phone in the future?
There are several important steps to follow if you want your device to remain safe in the future:
- Keep your proactive antivirus software active at all times. Do not deactivate it, even when you’re asked to by certain apps.
- Only connect to networks you are familiar with and are sure don’t seem suspicious.
- Avoid getting your applications from any sources other than the Play Store (especially true for APKs).
- Stay away from shady emails, texts and links that seem unsafe or look like they could be scams.
Conclusion
Dealing with malware can be a complicated endeavor at times, but it is crucial to keep your device, data, and personal information protected. Don’t cut corners when it comes to mobile cybersecurity. A malware infection on your Android can be just as damaging as on a desktop and should be treated accordingly.