HummingBad malware infected over 10 million Android devices in the Summer of 2016. The malware was capable of taking over an Android smartphone or tablet, stealing and selling a device’s user information, and downloading and installing unauthorized apps.
Also in 2016, Mazar malware is downloaded when users click on an innocent-looking link designed to look like a multimedia message. When unsuspecting Android users click on the link, it installs malware that enables anonymous internet connections to the device, allowing those who connect to it to have administrator rights to the device.
More recently, in April of 2017, a new malware strain hit at least 600,000 Android devices, disguised as a game guide for such popular games as Pokemon GO and FIFA Mobile. The app asks for admin privileges, and then uses those privileges to register with Firebase Cloud Messaging. It then uses the service to send and receive messages containing additional malware and instructions.
These are just three of the millions of malware threats that are out in the wild today, threatening Android devices around the globe. Security company Trend Micro expects to see an exponential increase in malware affecting Android devices in 2017.
In this article, I’ll discuss what kinds of malware are lurking out there, waiting to attack unsuspecting and trusting Android users. I’ll also share some telltale signs that your device might be harboring one of these nasty bugs.
Fear not though, campers. If you do find that your device has been afflicted with a nasty piece of malware, I’ll also share the many tools and methods you can make use of to rid your Android device of such nastiness. I’ll also list the ways you can avoid getting infected again in the future.
Types of Android Malware and Viruses
I hesitate to actually use the word “virus” when referring to the types of pestilences that the bad actors of the world can set loose upon your Android device. Most of the dirty stuff that hits Google’s operating system these days is better termed as malware.
You might ask what the difference is between a virus and malware. Don’t they both infect your device, and play all sorts of havoc with your device and your personal data? Yes they do. But viruses and malware are actually different beasts.
A virus is best defined as a malicious app that can copy itself and infect a computer or mobile device, infecting one file after another. By infecting multiple files, a virus improves its chances of being spread around by an infected file getting copied from the infected machine to another machine, where the infection again takes hold, and starts the replication cycle all over again.
Due to the sandboxing approach both the Android and iOS operating systems take with apps, actual viruses cannot replicate themselves and spread throughout a mobile operating system. The “attack one file and the rest will follow” approach may have been popular on the wild west of Windows operating systems, but isn’t possible on the modern Android operating system.
Despite all of this, possibly due to their lack of a better term, many users still use the word “virus” to describe the malware that afflicts modern mobile devices.
Malware is more likely what an unlucky Android user will find their device afflicted with. Malware usually takes the form of a malicious app that is installed on a device and then quietly occupies itself with doing various devious things.
Malware will monitor your keystrokes, collect credit card and banking information, passwords, and other valuable information. It will then “phone home” from time to time, in order to send the collected info back to its headquarters.
As a rule, malware hides inside what, to all appearances, seems to be a legitimate app. Remember when “Flappy Bird” was such a popular app, and about 12 million various versions of the app were released?
There’s a good chance a number of those Flappy Bird clones contained bits of malware that monitored smartphone and tablet usage when users weren’t tapping the screen to keep that damn bird in the air.
In addition to monitoring your every keystroke on your device, Android malware can also do such horrible things as quietly send SMS message after SMS message, possibly running up a huge end-of-the-month tab for an unsuspecting user.
How Do Android Devices Get Infected?
The number one way for malware to be installed on an Android device is to piggyback itself onto a seemingly innocent app. Nearly 2 million devices are believed to be infected by malware called “FalseGuide,” which was hidden in over 40 apps posing as guides for popular games Pokemon GO and FIFA.
FalseGuide adds any infected device to its botnet without their users’ knowledge. It then uses the infected devices for adware and various other nefarious purposes, using the principle of distributed computing across the devices.
Devices enlisted into a botnet can be used to conduct DDoS attacks, and for other nefarious purposes. Such botnets have even been used in the past to penetrate private networks.
Check Point Software Technologies notes the first apps containing the FalseGuide attack code were uploaded to the Google Play app store as early as November 2016, but were not discovered until April of 2017, leading to the installation of the malware on hundreds of thousands of devices before the apps were removed.
Two new malicious apps containing the FalseGuide code were uploaded to the Google Play store at the beginning of April, and were downloaded by multiple users before Google removed the apps. A recent estimate by Check Point indicates upwards of 2 million devices were infected by the bad code.
FalseGuide, as well as similar malware apps, asks for device admin permission when it is being installed. This is an unusual permission for a game guide to ask for, to say the least. It does so to avoid being deleted by the user. (Any app that asks for such permissions during installation could be up to no good. Always think twice before allowing such permissions on your device.)
Telltale Signs of a Malware Infection
Now that we have defined malware, let’s take a look at how you can tell if your Android phone or tablet might be infected. There are some telltale signs that could indicate your device has a bad case of malware. However, keep in mind that just because your phone or tablet may be showing some of these symptoms, it doesn’t necessarily mean your device is infected.
Worsening Battery Life
If you’ve had your Android device for a while, you probably have a fairly good idea of how long your battery lasts between charges. If you usually get a day or two of use from a full charge, and all of a sudden you’re needing to find a charger by lunchtime, something might be going on.
Malware can sometimes be contacting its developers over your cellular or Wi-Fi connection a number of times a day, sending information it has collected back to its home base. Or, it could be downloading fresh ads in the case of spam-puking adware. A sudden drop in battery life could mean you’ve got an unwelcome bit of code residing on your device.
Larger Cellular Bills
Remember how I mentioned malware might send any data it has collected back to its home base? It does that over your device’s data connection. If you’re not connected to a Wi-Fi hotspot, that means it’s using your cellular data connection.
If you’ve got a monthly data cap on your cellular data plan, malware can easily cause you to go over your monthly data allotment, leading to huge overage charges.
Android malware has also been known to sit back and begin sending large numbers of SMS text messages to premium-charge phone numbers. (Kind of like a 900 line for SMS messages.) Such malware can either be greedy, slamming you with a huge number of SMS message fees for one big score, or it might send just a few a month, slowly milking you like a Guernsey Cow.
You should keep an eye on your cellular bill each month anyway, just because of the way wireless carriers try to slip extra charges in on you. But the possibility of a $300 monthly SMS bill is another great incentive to keep an eye on things.
Sure, dropped calls are a common theme when it comes to cellular phone service. But pay special notice if your calls start dropping or experiencing service issues in places you usually have great cell service. It’s possible someone’s little malware package might be attempting to eavesdrop on your personal and business conversations.
Lousy Device Performance
If you’ve gone the El Cheapo route and bought a $39 Android handset, this one might be tougher to detect. However, if your $800 Samsung red hot phone of the month starts performing at a little less than its normal sizzling pace (OK, I’m done), then your device might be harboring malware.
Malware, especially if developed by a black hat who used less than optimal coding practices, can eat up extensive processing cycles and memory space. Slower performance than you’re used to could mean there’s some rogue code hiding on your device, greedily consuming RAM and CPU cycles.
What to Do if You Think Your Device Might Have Malware
OK, so you’ve observed one or more of the above indicators, or have observed other happenings with your device that make you believe you might have malware installed on it. What can you do?
First off, don’t panic. Your device might not have been infected. It’s possible a recent update to an app, or even an update to your device’s Android operating system could be causing your device to act all wonky.
If you do suspect your device has been infected, I highly recommend downloading a malware detection app from the Google Play Store. There are a number of excellent apps available by highly regarded security firms that can scan your device for any signs of malware.
While many of the malware detection utilities are pay-for-play, they usually have a free trial period available, which should be more than up to thoroughly checking your smartphone or tablet for malicious code.
I recommend any of the following applications for download. (All are rated at 4 stars or higher.):
Avast Mobile Security & Antivirus - Avast is a capable malware checker, and offers a number of additional features, including a call blocker, Privacy Advisor, Charging Booster, RAM Booster, and other gimmicks. Some of these are premium-only features, meaning you’ll need to pay a monthly or yearly subscription fee to access them.
Bitdefender Mobile Security - Bitdefender doesn’t claim to offer a huge number of features, at least in its free incarnation. The app specializes in detecting malware on your Android device. It does offer a free trial of its premium features, which offer real-time scanning of webpages and the ability to lock, locate or wipe your device if it’s lost or stolen. However, for our purposes, the free version will do a capable job.
AVG Antivirus FREE for Android - AVG is a well-known Windows antivirus app creator, and is well respected in the antivirus and malware detection industry. In addition to malware scanning, the app can identify unsecure device settings and will tell you how to fix them. It also guards against phishing attacks, and will scan your media files for security threats.
Kaspersky Antivirus & Security - Kaspersky’s malware scanner offers scans for “viruses, malware, spyware and Trojans.” It also can automatically remove such threats from your device. As seems to be the fashion these days, it also offers a huge amount of other features, such as finding your lost device, blocking phone calls and text messages, and more. Many of these features are already offered by your device’s built-in apps, or by other third-party apps.
Malwarebytes Anti-Malware - Malwarebytes is one of my favorite malware scanners. I use it on most of my computing platforms, including my Mac and Windows machines, and Android devices. The app is free, and doesn’t try to do too many things. It instead concentrates on doing one thing well, scanning your Android device for code from the bad guys. The app is lightweight and doesn’t put a huge hit on system resources like some scanners do.
Install any of the above listed malware detection apps from Google Play, let the app do its stuff, and allow it to scan your device for any signs that it’s been infected. Most apps can scan a device in just a few minutes or less, and the peace of mind given by a clean scan is worth the short amount of time it takes to run the scan.
Crap! The Malware Scan Found Something!
OK, don’t freak out. Let’s all be like little Fonzies here, and stay cool. The damage is done, so let’s take a look at how it can be fixed. In most cases, you can delete the malware in just a few steps. Heck, your Android malware scanning app might even be able to clean it for you.
Let Your Malware Scanner Try to Handle It
If your Android malware scanner of choice finds malware installed on your device and offers to get rid of it for you, let it take its best shot at it. A few of the more popular scanners offer malware removal as part of their feature set.
Once you’ve allowed your malware app to get rid of the malware it has found, run a new scan. If the new scan still finds the malware, you’ll need to move on to the second method of removing malware, removing that bad boy manually.
Remove the Malware Manually
In order to manually remove malware from your Android device, you’ll need to exactly follow the steps I list below. Missing any of the steps can lead to a bit of confusion for you, as well as most likely not removing the malware from your device.
That said, nothing I’ll list here requires any special knowledge on your part, and the steps are easy to follow. I’ll supply plenty of screenshots, and offer clear and concise instructions. OK, let’s give this a go.
1. Safe Mode - We’ll need to put your Android device into Safe Mode. Safe Mode prevents any third-party apps from running, including that nasty little malware app you picked up.
On most devices, Safe Mode is entered by pressing and holding the device’s power button until you see the device’s Power Off Options appear on screen.
Normally, you would simply tap “Power Off,” and the device would shut down. But to restart the device in Safe Mode, you want to tap and hold on the “Power Off” option.
Hold your finger on the “Power Off” option until you see a prompt asking if you would like to reboot into Safe Mode. Tap “OK” when the prompt appears. Your device will reboot, and when it comes back up you’ll see the words “Safe Mode” displayed somewhere on the screen, as shown in the screenshot below.
There are Android devices that don’t use this technique to enter Safe Mode. If this doesn’t work with your device, go to DuckDuckGo (or your search engine of choice) and enter: “How to put [your model name] into Safe mode” to find the instructions for your make and model. If that does not work, contact customer support for your device’s manufacturer.
2. Find the app - Once your device has restarted in Safe Mode, open your device’s “Settings” app, and scroll down until you see the “Apps” menu option. Tap “Apps.” On the Apps screen, you’ll see all of your device’s installed apps.
If you have a good idea of exactly when your device started acting strange, look for apps you installed around that time. If you’re not sure exactly which app might be infecting your device, look for apps that look a bit out of place or that you don’t remember installing.
When you find a suspicious app, make note of the app’s name for later reference (just in case you delete an important app by mistake). If you have another device or computer handy, go to your favorite search engine and enter the name of the app and see what you can find out about the app.
3. Uninstall - Once you’re satisfied the app could be causing your device woes, go ahead and tap on the app’s name to open the “App Info” page. Here, you’ll be able to view information about it. More importantly though, you’ll see an “Uninstall” button. Tap the button to remove the app from your device.
4. Administrator status - Most of the time, you’ll be able to tap the “Uninstall” button and remove the suspicious app. However, occasionally you might see the Uninstall button is ghosted out, and tapping it doesn’t do anything. This means the app, and its associated malware, has given itself Administrator status. This means we need to take a few extra steps to get rid of the malevolent and wily piece of code.
5. Deactivate - Exit the Apps menu and go to: “Settings” -> “Security” -> “Device Administrators.” On this screen, you’ll see a list of any apps installed on your device that have administrator status. You’ll need to remove the offending app’s device administrator status.
Tap the checkbox found next to the offending app’s name to uncheck it, and then tap the “Deactivate” button on the next screen. You should now be able to remove the app from your device.
6. Removing the app - Return to the “Settings” -> “Apps” screen, and remove the malicious app by tapping the “Uninstall” button on the App’s Info page.
7. Restart - Restart your device to take it out of Safe Mode.
8. Scan - Run your malware detection app again on your device to make sure the malware has indeed been removed.
9. Repeat - Repeat as needed.
How to Avoid Getting Another Virus
Now that your device is clean and running smoothly again, you want to keep it running that way, yes? This is actually relatively easy to do. Most malware requires an Android device user to be less than safe when installing apps or giving installed apps device permissions in order to grab a toehold in their device.
To stay safe and sound when installing new apps on your device, keep the following “suggestions” (rules actually) in mind when installing an app.
- Only install apps from Google Play or other confirmed safe sources. Sure, Google isn’t perfect in vetting apps in their app store, but they’re getting better at it. It’s true that some malicious apps might not show their true colors until days or weeks after they’re installed, but Google does a decent job of catching the bad guys before they go out into the wild.
- Avoid installing “clone apps.” Clone apps are those that always appear when a certain app becomes popular. When Flappy Bird was the big thing, there were WAY too many clones available in the Google Play app store. If you just have to have Flappy Bird, or the next big arcade game, download the real thing.
Clone apps are a favorite way for devious developers to hide their true intentions. They lure users in with a free copy of a paid game, and then unleash their dangerous payloads when you’re not watching. This is also true of “hacked” versions of popular apps that claim to allow you to play free. If it’s too good to be true, then it probably is.
- To ease the temptation of installing apps from unknown or questionable sources, do yourself a favor and make a visit to the “Settings” app. Go to the “Security” menu and make sure the “Unknown Sources” option there is disabled. That way, you can’t install apps unless they are from an approved source, such as Google Play, or the Amazon appstore if you have an Amazon Android device.
- When you do install apps, even when they are from a reputable source, take note of the app’s required permissions before hitting the “Install” button. Never allow an app to get Admin permissions. Think twice about other permissions too. Why would a photo editing app need access to your Email or Contacts?
- When considering an app for installation, vet it on the Internet first. Look for reviews and other information about it. Visit the developer’s website, if they have one. (A reputable developer will always have a website.) By doing this, you’ll get a good feel for whether or not the developer and his apps are on the up and up.
- Keep your Android device up to date. Let’s face it, it’s not easy to make sure your device has the latest and greatest version of its operating system installed. Unlike Apple’s iOS operating system, which is available on devices manufactured only by Apple, the Android operating system can be run on devices made by thousands of manufacturers.
The mind boggling number of available Android devices means most of the devices aren’t running the latest version of the Android OS. Heck, most of them will never be able to install a later version of the OS than the one that was installed right out of the box.
Nevertheless, try and keep your device as up to date as possible. And, the next time you buy a new device, consider buying one from a brand that keeps their devices updated, like Samsung or Google’s own Pixel handsets.
- Although you should already have one in place, install an anti-malware app on your device. Try to find one that offers a nice balance between protection and its use of system resources. While my favorite is the one from Malwarebytes, you may find another app meets your needs better.
Don’t be afraid to hit the Internet and search for information on malware scanner apps. Look for reviews; there are plenty of them out there. Ask your friends what they use. Spend a little more time researching malware scanners than you did your last HDTV purchase, and you should be fine.
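As an added example (not part of the original article, and not any scanner vendor’s code), here is one way to apply the permissions rule above, and the FalseGuide device-admin warning earlier, to an app before it goes on a device: a short Python check that reads an app’s manifest and flags a device admin component and SMS/contacts permissions. It assumes the manifest has already been decoded to plain-text XML (for example with apktool); the two sample manifests, package names and the list of flagged permissions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
PERMISSION = "{%s}permission" % ANDROID_NS

# Permissions tied to behaviour described in this article (illustrative selection).
RISKY = {
    "android.permission.SEND_SMS": "can send SMS, including to premium numbers",
    "android.permission.READ_SMS": "can read text messages",
    "android.permission.READ_CONTACTS": "can read the contact list",
}
ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

# Constructed sample: a "game guide" that wants device admin and SMS.
SAMPLE_GUIDE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gameguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Game Guide">
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an app that only needs network access.
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.photoeditor">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Photo Editor"/>
</manifest>"""


def audit_manifest(manifest_xml):
    """Return (severity, message) findings for a decoded AndroidManifest.xml.

    For manifests pulled from untrusted APKs, a hardened parser such as
    defusedxml is a safer drop-in than the standard library parser.
    """
    root = ET.fromstring(manifest_xml)
    findings = []

    for node in root.iter("uses-permission"):
        perm = node.get(NAME, "")
        if perm in RISKY:
            findings.append(("warn", "%s: %s" % (perm, RISKY[perm])))

    # A device admin component is a <receiver> guarded by BIND_DEVICE_ADMIN
    # that listens for the DEVICE_ADMIN_ENABLED broadcast.
    for receiver in root.iter("receiver"):
        actions = {a.get(NAME) for a in receiver.iter("action")}
        if receiver.get(PERMISSION) == ADMIN_PERMISSION or ADMIN_ACTION in actions:
            findings.append(
                ("high", "device admin receiver: %s" % receiver.get(NAME)))
    return findings


if __name__ == "__main__":
    for severity, message in audit_manifest(SAMPLE_GUIDE):
        print(severity.upper(), message)
```

A “high” finding on something billed as a game guide or photo editor is the cue to skip the install; “warn” findings are the ones to weigh against what the app claims to do.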
What We Have Learned
We’ve covered a lot in this article. We’ve covered what malware is, and what the different types of malware that can afflict your Android device can do. We’ve taken a look at how malware gets on your device, and how it can be detected, and removed.
After all of that, we discussed what you can do in the future to keep malware off of your device. (Basically, it’s like my family doctor is fond of saying. “If you break your arm in three places, stay out of those places!”)
The Reader’s Digest condensed version of all of this is as follows:
- Malware afflicts millions of users and their Android devices every year.
- Unlike viruses, which afflict traditional computers such as Windows PCs, malicious code that infects devices on the Android platform usually comes piggybacked onto seemingly innocuous apps.
- Telltale signs of a possible malware infection are: Worsening battery life, a larger than normal cellular phone bill, dropped or otherwise interfered with phone calls, or your device begins performing worse than usual. (Apps take forever to open, games and video are slow, etc.)
- If you think your device might be infected by malware, install a reputable malware/virus scanning app and use it to scan your device for any possible malicious code.
- It’s relatively simple to remove malicious code in most cases. Usually, it takes just a few moments to delete the malware. (Occasionally, the malware might prove a bit more stubborn, but with a little more effort on your part, you can defeat it.)
- Practice safe computing to avoid getting more malicious apps on your device. With a little care on your part by playing it smart when installing apps, you can keep your Android device clean and green.