HummingBad malware infected over 10 million Android devices in the summer of 2016. The malware was capable of taking over an Android smartphone or tablet, stealing and selling a device’s user information, and downloading and installing unauthorized apps.
In January 2018, Google removed over 60 gaming apps from Google Play, many aimed at children, that contained malware that showed pornographic ads. Researchers from security firm Check Point discovered the malware, dubbed AdultSwine, in the apps.
These are just some of the millions of malware threats that are out in the wild today, threatening Android devices around the globe. In this article, we’ll discuss what kinds of malware are lurking out there, waiting in the dark corners of the web to attack unsuspecting and trusting Android users. We’ll also share some telltale signs that your device might be harboring one of these nasty bugs.
Fear not though, campers. If you do find that your device has been afflicted with a nasty piece of malware, we’ll also share the many tools and methods you can use to rid your Android device of such nastiness. We’ll also list the ways you can avoid getting infected again in the future.
Types of Android malware and viruses
We hesitate to use the word “virus” when referring to the pestilences that the bad actors of the world can set loose upon your Android device. Most of the dirty stuff that hits Google’s operating system these days is better termed as malware.
You might ask: what is the difference between viruses and malware? Don’t they both infect your device and wreak all sorts of havoc with your personal data?
Yes, they do. But viruses and malware are actually different beasts.
A virus is best defined as a malicious app that can copy itself and infect a computer or mobile device, affecting one file after another.
By touching multiple files, a virus improves its chances of being spread around by an infected file getting copied from the infected machine to another computer, where the infection again takes hold and starts the replication cycle all over again.
Due to the sandboxing approach both the Android and iOS operating systems take with apps, actual viruses cannot replicate themselves and spread throughout a mobile operating system. The “attack one file and the rest will follow” approach may have been popular in the wild west of Windows operating systems, but it isn’t possible on the modern Android operating system.
Despite all of this, and possibly for lack of a better term, many users still use the word “virus” to describe the malware that afflicts modern mobile devices.
Malware is more likely what an unlucky Android user will find their device afflicted with. Malware usually takes the form of a malicious app that is installed on a device and then quietly occupies itself with doing various devious things.
Malware will monitor your keystrokes, collect credit card and banking information, passwords, and other valuable information. It will then “phone home” from time to time to send the collected info back to its headquarters.
As a rule, the malware hides inside of what, to all appearances, seems to be a legitimate app. Remember when “Flappy Bird” was such a popular app, and it seemed like 12 million various versions of the app were released?
There’s a good chance a number of those Flappy Bird clones contained bits of malware that monitored smartphone and tablet usage when users weren’t tapping the screen to keep that damn bird in the air.
In addition to watching every keystroke on your device, Android malware can also do such horrible things as quietly send hundreds or even thousands of SMS messages, possibly running up a huge monthly tab for an unsuspecting user.
How do Android devices get infected?
The number one way for malware to be installed on an Android device is to piggyback itself onto a seemingly innocent app.
Nearly 2 million devices are believed to be infected by malware called “FalseGuide,” which was hidden in over 40 apps posing as guides for popular games Pokemon GO and FIFA.
FalseGuide adds any infected device to its botnet without its user’s knowledge. It then uses the infected devices for adware and various other nefarious purposes, using the principle of distributed computing across the devices.
Devices enlisted into a botnet can be used to conduct DDoS attacks and for other nefarious purposes. Such botnets have even been used in the past to penetrate private networks.
Check Point Software Technologies notes that the first apps containing the FalseGuide attack code were uploaded to the Google Play app store as early as November 2016 but were not discovered until April of 2017, leading to the installation of the malware on hundreds of thousands of devices before the apps were removed from the store.
Two new malicious apps containing the FalseGuide code were uploaded to the Google Play store at the beginning of April and were downloaded by multiple users before Google removed the apps. A recent estimate by Check Point indicates upwards of 2 million devices were infected by the bad code.
FalseGuide, as well as similar malware apps, asks for device admin permission when it is being installed. This is an unusual permission for a game guide to request, to say the least. It does so to avoid being deleted by the user. (Any app that asks for such permissions during installation could be up to no good – always think twice before allowing such permissions on your device.)
Telltale signs of a malware infection
Now that we have defined malware, let’s take a look at how you can tell if your Android phone or tablet might be infected.
There are telltale signs that could indicate your device has a bad case of malware. However, keep in mind that just because your phone or tablet may be showing some of these symptoms, it doesn’t necessarily mean your device is infected.
Worsening battery life
If you’ve had your Android device for a while, you probably have a good idea of how long your battery lasts between charges. If you usually get a day or two of use from a full charge, and all of a sudden you need to find a charger by lunchtime, something might be going on.
Malware may contact its developers over your cellular or Wi-Fi connection numerous times a day, sending information it has collected back to its home base. Or, it could be downloading fresh ads in the case of spam-puking adware.
A sudden drop in battery life could mean you’ve got an unwelcome bit of code residing on your device.
Higher cellular bills
Remember how I mentioned malware might send any data it has collected back to its home base? It does that over your device’s data connection. If you’re not connected to a Wi-Fi hotspot, that means it’s using your cellular data connection.
If you’ve got a monthly data cap on your cellular data plan, malware can easily cause you to go over your monthly data allotment, leading to massive overage charges.
Android malware has also been known to sit back and begin sending large numbers of SMS text messages to premium-charge phone numbers (kind of like a 900 line for SMS messages).
Such malware can be greedy, slamming you with a huge number of SMS message fees for one big score – or it might send just a few a month, slowly milking you like a Guernsey cow.
You should keep an eye on your cellular bill each month anyway, just because of the way wireless carriers try to slip extra charges by you. But the possibility of a $300 monthly SMS bill is another great incentive to keep an eye on things.
Sure, dropped calls are a common theme when it comes to cellular phone service.
But pay special notice if your calls start dropping or you begin experiencing service issues in places where you usually have excellent cell service. It’s possible someone’s little malware package might be attempting to eavesdrop on your personal and business conversations.
Lousy device performance
If you went the El Cheapo route and bought a $39 Android phone, this one might be tougher to detect.
However, if your $1,200 Samsung red hot phone of the month starts performing at a little less than its usual sizzling pace (okay, I’m done), then your device might be harboring malware.
Malware, especially if developed by a black hat who used less than optimal coding practices, can eat up extensive processing cycles and memory space. Slower performance than you’re used to could mean there’s some rogue code hiding on your device, greedily consuming RAM and CPU cycles.
What to do if you think your device might be infected with malware
Okay, so you’ve observed one or more of the indicators above or have observed other happenings that make you believe you might have malware installed on your device.
What can you do?
First of all, don’t panic.
Your device might not have been infected. It’s possible a recent update to an app, or even an update to your device’s Android operating system could be causing your device to act all wonky.
If you do suspect your device has been infected, I highly recommend downloading a malware detection app from the Google Play Store. There are plenty of excellent apps available by highly-regarded security firms that can scan your device for any signs of malware.
While many of the malware detection utilities are pay-for-play, they usually have a free trial period available, which should be more than up to thoroughly checking your smartphone or tablet for malicious code.
I recommend any of the following applications for download, all of which are rated at 4 stars or higher:
Avast Mobile Security & Antivirus
Avast is a capable malware-checker and offers many additional features, including a call blocker, Privacy Advisor, Charging Booster, RAM Booster, and other gimmicks. Some of these are premium-only features, meaning you’ll need to pay a monthly or yearly subscription fee to access them.
Bitdefender Mobile Security
Bitdefender doesn’t claim to offer a huge number of features – at least in its free incarnation.
The app specializes in detecting malware on your Android device. It does offer a free trial of its premium features, which offer real-time scanning of web pages and the ability to lock, locate or wipe your device if it’s lost or stolen.
However, for our purposes, the free version will do a capable job.
AVG Antivirus FREE for Android
AVG is a well-known Windows antivirus app publisher and is well respected in the antivirus and malware-detection industry.
In addition to malware scanning, the app can identify unsecure device settings and will tell you how to fix them. It also guards against phishing attacks and will scan your media files for security threats.
Malwarebytes is one of my favorite malware scanners. I use it for most of my computing platforms, including my Mac, Windows machines, and Android devices.
The app is free and doesn’t try to do too many things. It instead concentrates on doing one thing well: scanning your Android device for code from the bad guys. The app is lightweight and doesn’t put a huge hit on system resources as some malware scanners do.
Install any of the malware detection apps listed above from Google Play, allow the app to scan your device for any signs that it has been infected, and let it do its stuff.
Most apps can scan a device in just a few minutes or less, and the peace of mind given by a clean scan is worth the short amount of time it takes to run the scan.
Crap! The malware scan found something!
Okay, don’t freak out. Let’s all be like little Fonzies here and be cool. The damage is done, so let’s take a look at how it can be fixed. In most cases, you can delete the malware in just a few steps. Heck, your Android malware-scanning app might even be able to clean it for you.
Let your malware scanner try to handle it
If your Android malware scanner of choice finds malware installed on your device and offers to get rid of it for you, let it take its best shot at it. A few of the more popular scanners offer malware removal as part of their feature set.
Once you’ve allowed your malware app to get rid of the malware it has found, run a new scan. If the new scan still finds the malware, you’ll need to move on to the second method of removing malware: eliminating that bad boy manually.
Remove the malware manually
To manually remove malware from your Android device, you’ll need to follow the steps I list below exactly. Missing any of the steps can lead to a bit of confusion for you, as well as, most likely, not removing the malware from your device.
That said, nothing I’ll list here requires any special knowledge on your part, and the steps are easy to follow. I’ll supply plenty of screenshots and offer clear and concise instructions.
These instructions are for Android Oreo (Version 8.0). While other versions may have menus worded a bit differently, they should still be worded similarly, and you should be able to follow along with no problem.
Okay, let’s give this a go.
You’ll need to put your Android device into Safe Mode. Safe Mode prevents any third-party apps from running, including that nasty little malware app you picked up.
On most devices, Safe Mode is entered by pressing and holding the device’s power button until you see the device’s “Power Off” options appear on the screen.
Normally, you would just tap “Power Off” and the device would shut down, or tap “Restart” to restart your device. But, to restart the device in Safe Mode, you want to tap and hold on the “Restart” option.
Hold your finger on the “Restart” option until you see a prompt asking if you would like to reboot into Safe Mode. Tap “OK” when the prompt appears (or the device will reboot on its own – this differs according to the manufacturer).
Your device will reboot, and when it comes back up, you’ll see the words “Safe Mode” displayed somewhere on the screen, as shown in the screenshot below.
There are Android devices that don’t use this technique to enter Safe Mode. If this doesn’t work with your device, go to DuckDuckGo (or your search engine of choice) and enter: “How to put [your device’s model name] into Safe mode” to find the instructions for your make and model.
If that doesn’t work, contact customer support for your device’s manufacturer.
Once your device has restarted in Safe Mode, open your device’s “Settings” app and scroll down until you see the “Apps & notifications” menu option. Tap “Apps & notifications.”
On the next screen, you’ll see an “App info” menu option. Tap that.
On the “App info” screen, you’ll see all of your device’s installed apps.
If you have a good idea of exactly when your device started acting strangely, look for apps you installed around that time. If you’re not sure exactly which app might be infecting your phone, look for apps that look a bit out of place or that you don’t remember installing. (Unfortunately, it likely won’t be named as obviously as it is here.)
When you find a suspicious app, make a note of the app’s name for later reference (just in case you delete an important app by mistake).
If you have another device or computer handy, go to your favorite search engine and enter the name of the app and see what you can find out about the app.
Once you’re satisfied the app could be causing your device woes, go ahead and tap on the app’s name to open the “App Info” page. Here, you’ll be able to view information about it. More importantly, you’ll see an “Uninstall” button. Tap the button to remove the app from your device.
Most of the time, you’ll be able to tap the “Uninstall” button and remove the suspicious app. If this is the case, proceed to step 6.
However, occasionally you might see the Uninstall button is ghosted out, and tapping it doesn’t do anything. This means the app, and its associated malware, has given itself Administrator status, so we need to take a few extra steps to get rid of the malevolent and wily piece of code.
Exit the Apps menu and go to: “Settings” -> “Security & location” -> “Device admin apps.”
On this screen, you’ll see a list of any apps installed on your device that have administrator status. You’ll need to remove the offending app’s device administrator status.
Tap the checkbox found next to the offending app’s name to uncheck it and then tap the “Deactivate” button on the next screen.
You should now be able to remove the app from your device.
Return to the “Settings” -> “Apps” screen and remove the malicious app by tapping the “Uninstall” button on the App’s Info page.
Restart your device to take it out of Safe Mode.
Run your malware detection app again on your device to make sure the malware has indeed been removed.
Repeat as needed.
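The device-admin check from the manual steps above can also be run from a computer with adb. This is an added example, not part of the original article: the sample command output and the package names in it are constructed, and the output layout is an assumption that varies between Android releases.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample of `adb shell dumpsys device_policy` output. The layout is
# an assumption (it varies between Android releases); package names are made up.
SAMPLE_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10013
      testOnly=false
      policies:
        wipe-data
        force-lock
    com.example.gameguide/.AdminReceiver:
      uid=10142
      testOnly=false
      policies:
        force-lock
  mPasswordOwner=-1
"""

# Constructed sample of `adb shell pm list packages -3 -i`
# (-3: third-party apps only, -i: show the installer of each package).
SAMPLE_PACKAGES = """\
package:com.example.gameguide  installer=null
package:com.example.notes  installer=com.android.vending
package:org.example.scanner  installer=com.android.vending
"""

COMPONENT = re.compile(r"([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+:")
PACKAGE = re.compile(r"package:(\S+)(?:\s+installer=(\S+))?")


def enabled_device_admins(dumpsys_text):
    """Packages that own a component listed under 'Enabled Device Admins'."""
    admins, header_indent = [], None
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if stripped.startswith("Enabled Device Admins"):
            header_indent = indent          # one such section per Android user
        elif header_indent is not None and stripped:
            if indent <= header_indent:
                header_indent = None        # left the section
            else:
                match = COMPONENT.fullmatch(stripped)
                if match and match.group(1) not in admins:
                    admins.append(match.group(1))
    return admins


def third_party_packages(pm_text):
    """Map each user-installed package to its installer (None if unknown)."""
    packages = {}
    for line in pm_text.splitlines():
        match = PACKAGE.fullmatch(line.strip())
        if match:
            installer = match.group(2)
            packages[match.group(1)] = None if installer in (None, "null") else installer
    return packages


def audit(dumpsys_text, pm_text):
    """Return (package, installer, from_play_store) for each third-party admin."""
    third_party = third_party_packages(pm_text)
    return [(pkg, third_party[pkg], third_party[pkg] == PLAY_STORE)
            for pkg in enabled_device_admins(dumpsys_text) if pkg in third_party]


if __name__ == "__main__":
    for pkg, installer, from_play in audit(SAMPLE_DEVICE_POLICY, SAMPLE_PACKAGES):
        source = "Google Play" if from_play else f"unknown source ({installer})"
        print(f"{pkg}: holds device admin, installed from {source}")
```

On a real device, feed the output of the two adb commands named in the comments to these functions. A flagged package still has to be deactivated under “Device admin apps” before it can be uninstalled.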
How to avoid getting reinfected
Now that your device is clean and running smoothly again, you want to keep it running that way, yes? This is actually relatively easy to do.
Most malware requires an Android device user to be less than safe when installing apps or giving installed apps device permissions in order to grab a toehold in their device.
To stay safe and sound when installing new apps on your device, keep the following “suggestions” (rules, actually) in mind when installing an app.
Only install apps from Google Play or other confirmed safe sources
Sure, Google isn’t perfect in vetting apps in their app store, but they’re getting better at it. It’s true that some malicious apps might not show their true colors until days or weeks after they’re installed, but Google does a decent job of catching the bad guys before they go out into the wild.
Avoid installing “clone apps”
Clone apps are those that always appear when a certain app becomes popular. When Flappy Bird was the big thing, there were WAY too many clones available in the Google Play app store.
If you just have to have Flappy Bird or the next big arcade game, download the real thing.
Clone apps are a favorite way for devious developers to hide their true intentions. They lure users in with a free copy of a paid game and then unleash their dangerous payloads when you’re not watching. This is also true of “hacked” versions of popular apps that claim to allow you to play free.
If it’s too good to be true, then it probably is.
Don’t install apps from “unknown sources”
To ease the temptation of installing apps from unknown or questionable sources, do yourself a favor and make a visit to the “Settings” app. Go to the “Security” menu and make sure the “Unknown Sources” option there is disabled.
That way, you can’t install apps unless they are from an approved source, such as Google Play, or the Amazon app store if you have an Amazon Android device.
Always take note of what permissions the app you’re installing asks for
When you do install apps, even when they are from a reputable source, take note of the app’s required permissions before hitting the “Install” button. Never allow an app to get Admin permissions.
Think twice about other permissions too. Why does Sonic the Hedgehog need access to your location?
When considering an app for installation, vet it on the internet first. Look for reviews and other information about it. Visit the developer’s website, if they have one. (A reputable developer will always have a website.)
By doing this, you’ll get a good feel for whether or not the developer and his apps are on the up and up.
Keep your Android device up to date
Let’s face it: it’s not easy to make sure your device has the latest and greatest version of its operating system installed. Unlike Apple’s iOS operating system, which is available on devices manufactured only by Apple, the Android operating system can be run on devices made by thousands of manufacturers.
The mind-boggling number of available Android devices means most of the devices aren’t running the latest version of the Android OS. Heck, many of them will never be able to install a later version of the OS than the one that was installed right out of the box.
Nevertheless, try to keep your device as up-to-date as possible. And, the next time you buy a new device, consider buying one from a brand that keeps their devices updated, like Samsung’s Galaxy or Google’s Pixel handsets.
Install an anti-malware app on your device
Although you should already have one in place, install an anti-malware app on your device. Try to find one that offers a good balance between protection and its use of system resources. While my favorite is the one from Malwarebytes, you may find another app that meets your needs better.
Don’t be afraid to hit the internet and search for information on malware scanner apps. Look for reviews; there are plenty of them out there. Ask your friends what they use. Spend a little more time researching malware scanners than you did your last HDTV purchase, and you should be fine.
What we have learned
We’ve covered a lot in this article. We’ve covered what malware is and what the different types of malware that can afflict your Android device can do. We’ve taken a look at how malware gets on your device and how it can be detected and removed.
After all of that, we discussed what you can do in the future to keep malware off of your device. (Basically, it’s like my family doctor is fond of saying: “If you break your arm in three places, stay out of those places!”)
The Reader’s Digest condensed version of all of this is as follows:
Malware comes courtesy of “iffy” apps
Malware affects millions of users and their Android devices every year. Unlike viruses, which afflict traditional computers such as Windows PCs, malicious code that infects devices on the Android platform usually comes piggybacked onto seemingly innocuous apps.
Malware cannot replicate itself and move from device to device. Instead, it requires the user of the device to install the code. This is usually accomplished by social engineering, or by making the malicious app appear to be a useful application.
There are telltale signs of malware infection
Telltale signs of possible malware infection are worsening battery life, a larger-than-normal cellular phone bill, dropped or otherwise interfered with phone calls, or worsening device performance (apps take forever to open, games and video are slow, etc.).
Install a malware/virus scanning app
If you think your device might be infected by malware, install a reputable malware/virus-scanning app and use it to scan your device for any possible malicious code.
Get rid of the malicious code
It’s relatively simple to remove malicious code in most cases. Usually, it takes just a few moments to delete the malware. (Occasionally, the malware might prove a bit more stubborn, but with a little more effort on your part, you can defeat it.)
Practice safe computing
Practice safe computing to avoid getting more malicious apps on your device. With a little care on your part by playing it smart when installing apps, you can keep your Android device clean and green.
With just a little common sense, a good anti-malware app, and thinking before you install any app, you’ll keep your Android smartphone or tablet safe and sound.
Android malware and viruses FAQ
What is the difference between malware and a virus?
Malware is a malicious app that is installed on a device and then quietly sits in the background performing nefarious deeds. A virus is best defined as a malicious app that can copy itself and infect a computer or mobile device, affecting one file after another.
How can I avoid installing malware on my Android phone?
While there is no foolproof way to avoid installing malware on your Android phone, there are ways to cut down on the chances of it happening. Never sideload apps from outside of the Google Play Store. While these apps can appear to be genuine, they may have had a malware-related payload added. Also, don't always accept an app's request for access to various features of your phone. Stop and think, why does a game need access to your contacts list?
What should I do if I see a "device contaminated" message while browsing the web on my Android or iOS device?
This is likely a phishing pop-up that is attempting to get you to download malware or to turn over personal information. Simply close the browser tab where this message appeared.