How to Remove Malware & Viruses From Android Phones (Oreo Version)

phone malware

HummingBad malware infected over 10 million Android devices in the summer of 2016. The malware was capable of taking over an Android smartphone or tablet, stealing and selling a device’s user information, and downloading and installing unauthorized apps.

Also in 2016, Mazar malware is downloaded when users click on an innocent-looking link designed to look like a multimedia message. When unsuspecting Android users click on the link, it installs malware that enables anonymous internet connections to access the device, allowing those who connect to it to have administrator rights to the device.
Mobile Security

In April of 2017, a new malware strain hit at least 2 million Android devices, disguised as a game guide for such popular games as Pokemon GO and FIFA Mobile.

The app asked for admin privileges and then used the granted rights to register with Firebase Cloud Messaging. It then used the service to send and receive messages containing additional malware and instructions.

In January 2018, Google removed over 60 gaming apps from Google Play, many aimed at children, that contained malware that showed pornographic ads. Researchers from security firm Check Point discovered the malware, dubbed AdultSwine, in the apps.

Once downloaded, the malware would display “highly pornographic” ads, which also attempted to scare users into installing fake security apps to get them to buy worthless services.

These are just some of the millions of malware threats that are out in the wild today, threatening Android devices around the globe. Security company Trend Micro expects to see an exponential increase in malware affecting Android devices in 2018.

In this article, I’ll discuss what kinds of malware is lurking out there, waiting to attack unsuspecting and trusting Android users. I’ll also share some telltale signs that your device might be harboring one of these nasty bugs.

Fear not though, campers. If you do find that your device has been afflicted with a nasty piece of malware, I’ll also share the many tools and methods you can use to rid your Android device of such nastiness. I’ll also list the ways you can avoid getting infected again in the future.

Types of Android Malware and Viruses

I hesitate to use the word “virus” when referring to the pestilences that the bad actors of the world can set loose upon your Android device. Most of the dirty stuff that hits Google’s operating system these days is better termed as malware.

You might ask: what is the difference between viruses and malware? Don’t they both infect your device and wreak all sorts of havoc with your personal data?

Yes, they do. But viruses and malware are actually different beasts.

1

Viruses

A virus is best defined as a malicious app that can copy itself and infect a computer or mobile device, affecting one file after another.

By touching multiple files, a virus improves its chances of being spread around by an infected file getting copied from the infected machine to another computer, where the infection again takes hold and starts the replication cycle all over again.

Due to the sandboxing approach both the Android and iOS operating systems take with apps, actual viruses cannot replicate themselves and spread throughout a mobile operating system. The “attack one file and the rest will follow” approach may have been popular in the wild west of Windows operating systems, but it isn’t possible on the modern Android operating system.

Despite all of this, and possibly due to their lack of a better term, many users still use the word “virus” to describe the malware that afflicts modern mobile devices.

2

Malware

Malware is more likely what an unlucky Android user will find their device afflicted with. Malware usually takes the form of a malicious app that is installed on a device and then quietly occupies itself with doing various devious things.

Malware will monitor your keystrokes, collect credit card and banking information, passwords and other valuable information. It will then “phone home” from time to time to send the collected info back to its headquarters.

As a rule, malware hides inside of what, to all appearances, seems to be a legitimate app. Remember when “Flappy Bird” was such a popular app, and about 12 million various versions of the app were released?

There’s a good chance a number of those Flappy Bird clones contained bits of malware that monitored smartphone and tablet usage when users weren’t tapping the screen to keep that damn bird in the air.

In addition to watching your every keystroke on your device, Android malware can also do such horrible things as quietly send SMS message after SMS message, possibly running up a huge monthly tab for an unsuspecting user.

How Do Android Devices Get Infected?

The number one way for malware to be installed on an Android device is to piggyback itself onto a seemingly innocent app.

Nearly 2 million devices are believed to be infected by malware called “FalseGuide,” which was hidden in over 40 apps posing as guides for popular games Pokemon GO and FIFA.

FalseGuide adds any infected device to its botnet without their users’ knowledge. It then uses the infected devices for adware and various other nefarious purposes, using the principle of distributed computing across the devices.

Devices enlisted into a botnet can be used to conduct DDoS attacks and for other nefarious purposes. Such botnets have even been used in the past to penetrate private networks.

Check Point Software Technologies notes that the first apps containing the FalseGuide attack code were uploaded to the Google Play app store as early as November 2016 but were not discovered until April of 2017, leading to the installation of the malware on hundreds of thousands of devices before the apps were removed from the store.

Two new malicious apps containing the FalseGuide code were uploaded to the Google Play store at the beginning of April and were downloaded by multiple users before Google removed the apps. A recent estimate by Check Point indicates upwards of 2 million devices were infected by the bad code.

FalseGuide, as well as similar malware apps, asks for device admin permission when it is being installed. This is an unusual permission for a game guide to ask for, to say the least. It does so to avoid being deleted by the user. (Any app that asks for such permissions during installation could be up to no good - always think twice before allowing such permissions on your device.)

Telltale Signs of a Malware Infection

Now that we have defined malware, let’s take a look at how you can tell if your Android phone or tablet might be infected.

There are telltale signs that could indicate your device has a bad case of malware. However, keep in mind that just because your phone or tablet may be showing some of these symptoms, it doesn’t necessarily mean your device is infected.

1

Worsening Battery Life

If you’ve had your Android device for awhile, you probably have a good idea of how long your battery lasts between charges. If you usually get a day or two of use from a full charge, and all of a sudden you need to find a charger by lunchtime, something might be going on.

Low Phone Battery

Malware can sometimes be contacting its developers over your cellular or Wi-Fi connection numerous times a day, sending information it has collected back to its home base. Or, it could be downloading fresh ads in the case of spam-puking adware.

A sudden drop in battery life could mean you’ve got an unwelcome bit of code residing on your device.

2

Larger Cellular Bills

Remember how I mentioned malware might send any data it has collected back to its home base? It does that over your device’s data connection. If you’re not connected to a Wi-Fi hotspot, that means it’s using your cellular data connection.

If you’ve got a monthly data cap on your cellular data plan, malware can easily cause you to go over your monthly data allotment, leading to massive overage charges.

Android malware has also been known to sit back and begin sending large numbers of SMS text messages to premium-charge phone numbers (kind of like a 900 line for SMS messages.)

How Malware Can Increase Your Monthly Cellular Bill

Such malware can be greedy, slamming you with a huge number of SMS message fees for one big score - or it might send just a few a month, slowly milking you like a Guernsey Cow.

You should keep an eye on your cellular bill each month anyway, just because of the way wireless carriers try to slip extra charges in on you. But the possibility of a $300 monthly SMS bill is another great incentive to keep an eye on things.

3

Dropped Calls

Sure, dropped calls are a common theme when it comes to cellular phone service.

But pay special notice if your calls start dropping or you begin experiencing service issues in places where you usually have excellent cell service. It’s possible someone’s little malware package might be attempting to eavesdrop on your personal and business conversations.

4

Lousy Device Performance 

If you went the El Cheapo route and bought a $39 Android handset, this one might be tougher to detect.

However, if your $800 Samsung red hot phone of the month starts performing at a little less than its usual sizzling pace (okay, I’m done), then your device might be harboring malware.

Malware, especially if developed by a black hat who used less than optimal coding practices, can eat up extensive processing cycles and memory space. Slower performance than you’re used to could mean there’s some rogue code hiding on your device, greedily consuming RAM and CPU cycles.

What to Do if You Think Your Device Might Be Infected With Malware

Okay, so you’ve observed one or more of the indicators above or have observed other happenings that make you believe you might have malware installed on your device.

What can you do?

First of all, don’t panic.

Your device might not have been infected. It’s possible a recent update to an app, or even an update to your device’s Android operating system, could be causing your device to act all wonky.

If you do suspect your device has been infected, I highly recommend downloading a malware detection app from the Google Play Store. There are plenty of excellent apps available by highly-regarded security firms that can scan your device for any signs of malware.

While many of the malware detection utilities are pay-for-play, they usually have a free trial period available, which should be more than up to thoroughly checking your smartphone or tablet for malicious code.

I recommend any of the following applications for download, all of which are rated at 4 stars or higher:

1

Avast Mobile Security & Antivirus 

Avast is a capable malware-checker and offers many additional features, including a call blocker, Privacy Advisor, Charging Booster, RAM Booster and other gimmicks. Some of these are premium-only features, meaning you’ll need to pay a monthly or yearly subscription fee to access them.

Avast Mobile Security Scan
Avast Mobile Security Scanning
Avast Mobile Security and Antivirus

2

​Bitdefender Mobile Security

Bitdefender doesn’t claim to offer a huge number of features - at least in its free incarnation.

The app specializes in detecting malware on your Android device. It does offer a free trial of its premium features, which offer real-time scanning of web pages and the ability to lock, locate or wipe your device if it’s lost or stolen.

However, for our purposes, the free version will do a capable job.

Bitdefender Mobile Security Run a Scan
Bitdefender Mobile Security Scan Progress

3

AVG Antivirus FREE for Android 

AVG is a well-known Windows antivirus-app creator and is well respected in the antivirus and malware-detection industry.

In addition to malware-scanning, the app can identify unsecure device settings and will tell you how to fix them. It also guards against phishing attacks and will scan your media files for security threats.

AVG Antivirus Android Scan
AVG Antivirus Android Scanning
AVG Antivirus Android Scan Results

4

Kaspersky Antivirus & Security 

Kaspersky’s malware-scanner offers scans for “viruses, malware, spyware, and Trojans.” It also can automatically remove such threats from your device.

As seems to be the fashion these days, it also offers a significant number of other features, such as finding your lost device, blocking phone calls and text messages, and more. Many of these features are already offered by your device’s built-in apps or by other third-party apps.

Kaspersky Antivirus & Mobile Security
Kaspersky Antivirus & Mobile Security Scan
Kaspersky Antivirus & Mobile Security Installed

5

Malwarebytes Anti-Malware 

Malwarebytes is one of my favorite malware scanners. I use it for most of my computing platforms, including my Mac, Windows machines and Android devices.

The app is free and doesn’t try to do too many things. It instead concentrates on doing one thing well: scanning your Android device for code from the bad guys. The app is lightweight and doesn’t put a huge hit on system resources like some scanners do.

Malwarebytes Mobile Anti-Malware Dashboard
Malwarebytes Mobile Anti-Malware Scanning
Malwarebytes Mobile Anti-Malware Privacy Audit

Install any of the malware detection apps listed above from Google Play, allow the app to scan your device for any signs that it has been infected and let it do its stuff.

Most apps can scan a device in just a few minutes or less, and the peace of mind given by a clean scan is worth the short amount of time it takes to run the scan.

Crap! The Malware Scan Found Something!

Okay, don’t freak out. Let’s all be like three little Fonzie’s here and be cool. The damage is done, so let’s take a look at how it can be fixed. In most cases, you can delete the malware in just a few steps. Heck, your Android malware-scanning app might even be able to clean it for you.

1

Let Your Malware Scanner Try to Handle It

If your Android malware scanner of choice finds malware installed on your device and offers to get rid of it for you, let it take its best shot at it. A few of the more popular scanners offer malware removal as part of their feature set.

Once you’ve allowed your malware app to get rid of the malware it has found, run a new scan. If the new scan still finds the malware, you’ll need to move on to the second method of removing malware: eliminating that bad boy manually.

2

Remove the Malware Manually

To manually remove malware from your Android device, you’ll need to follow the steps I list below exactly. Missing any of the steps can lead to a bit of confusion for you, as well as, most likely, not removing the malware from your device.

That said, nothing I’ll list here requires any special knowledge on your part, and the steps are easy to follow. I’ll supply plenty of screenshots and offer clear and concise instructions.

These instructions are for Android Oreo (Version 8.0), the latest version of Android. While other versions may have menus worded a bit differently, they should still be worded similarly, and you should be able to follow along with no problem.

Okay, let’s give this a go.

Step 1

You’ll need to put your Android device into Safe Mode. Safe Mode prevents any third-party apps from running, including that nasty little malware app you picked up.

On most devices, Safe Mode is entered by pressing and holding the device’s power button until you see the device’s “Power Off” options appear on screen.

Normally, you would just tap “Power Off” and the device would shut down, or tap “Restart” to restart your device. But, to restart the device in Safe Mode, you want to tap and hold on the “Restart” option. 

Android Phone Restart

Hold your finger on the “Restart” option until you see a prompt asking if you would like to reboot into Safe Mode. Tap “OK” when the prompt appears (or the device will reboot on its own - this differs according to manufacturer.)

Your device will reboot, and when it comes back up, you’ll see the words “Safe Mode” displayed somewhere on the screen, as shown in the screenshot below.

Android Phone Safe Mode

There are Android devices that don’t use this technique to enter Safe Mode. If this doesn’t work with your device, go to DuckDuckGo (or your search engine of choice) and enter: “How to put [your device’s model name] into Safe mode” to find the instructions for your make and model.

If that doesn’t work, contact customer support for your device’s manufacturer.

Step 2

Once your device has restarted in Safe Mode, open your device’s “Settings” app and scroll down until you see the “Apps & notifications” menu option. Tap “Apps & notifications.” 

Android Phone Safe Mode Apps & Notifications

On the next screen, you’ll see an “App info” menu option. Tap that.

Android Phone Safe Mode App Info

On the “App info” screen, you’ll see all of your device’s installed apps.

If you have a good idea of exactly when your device started acting strangely, look for apps you installed around that time. If you’re not sure exactly which app might be infecting your phone, look for apps that look a bit out of place or that you don’t remember installing. (Unfortunately, it likely won’t be named as obviously as it is here.)
Android Phone Safe Mode Fake VPN App Info

When you find a suspicious app, make a note of the app’s name for later reference (just in case you delete an important app by mistake.)

If you have another device or computer handy, go to your favorite search engine and enter the name of the app and see what you can find out about the app.

Step 3

Once you’re satisfied the app could be causing your device woes, go ahead and tap on the app’s name to open the “App Info” page. Here, you’ll be able to view information about it. More importantly, you’ll see an “Uninstall” button. Tap the button to remove the app from your device.

Android Phone Safe More Fake VPN App Uninstall

Step 4

Most of the time, you’ll be able to tap the “Uninstall” button and remove the suspicious app. If this is the case, proceed to step 6.

However, occasionally you might see the Uninstall button is ghosted out, and tapping it doesn’t do anything. This means the app, and its associated malware, has given itself Administrator status. This means we need to take a few extra steps to get rid of the malevolent and wily piece of code.
Android Phone Safe Mode Fake VPN App

Step 5

Exit the Apps menu and go to: “Settings” -> “Security & location” -> “Device admin apps.”

Android Phone Safe Mode Security & Location
Android Phone Safe Mode Device Admin Apps

On this screen, you’ll see a list of any apps installed on your device that have administrator status. You’ll need to remove the offending app’s device administrator status.

Android Phone Safe Mode Fake VPN

Tap the checkbox found next to the offending app’s name to uncheck it and then tap the “Deactivate” button on the next screen.

You should now be able to remove the app from your device

Android Phone Safe Mode Fake VPN App Deactivate

Step 6

Return to the “Settings” -> “Apps” screen and remove the malicious app by tapping the “Uninstall” button on the App’s Info page.

Android Phone Safe More Fake VPN App Uninstall

Step 7

Restart your device to take it out of Safe Mode. 

Step 8

Run your malware detection app again on your device to make sure the malware has indeed been removed. 

Step 9

Repeat as needed.

How to Avoid Getting Reinfected

Now that your device is clean and running smoothly again, you want to keep it running that way, yes? This is actually relatively easy to do.

Most malware requires an Android device user to be less than safe when installing apps or giving installed apps device permissions in order to grab a toehold in their device.

To stay safe and sound when installing new apps on your device, keep the following “suggestions” (rules, actually) in mind when installing an app.

1

Only Install Apps From Google Play or Other Confirmed Safe Sources

Sure, Google isn’t perfect in vetting apps in their app store, but they’re getting better at it. It’s true that some malicious apps might not show their true colors until days or weeks after they’re installed, but Google does a decent job of catching the bad guys before they go out into the wild.

Google Play Apps Shop

2

Avoid Installing “Clone Apps”

Clone apps are those that always appear when a certain app becomes popular. When Flappy Bird was the big thing, there were WAY too many clones available in the Google Play app store.

If you just have to have Flappy Bird or the next big arcade game, download the real thing.

Google Play Flappy Bird Search

Clone apps are a favorite way for devious developers to hide their true intentions. They lure users in with a free copy of a paid game and then unleash their dangerous payloads when you’re not watching. This is also true of “hacked” versions of popular apps that claim to allow you to play free.

If it’s too good to be true, then it probably is. 

3

Don’t Install Apps From “Unknown Sources”

To ease the temptation of installing apps from unknown or questionable sources, do yourself a favor and make a visit to the “Settings” app. Go to the “Security” menu and make sure the “Unknown Sources” option there is disabled.

Android Phone Security Unknown Sources

That way, you can’t install apps unless they are from an approved source, such as Google Play, or the Amazon app store if you have an Amazon Android device.

4

Always Take Note of What Permissions the App You’re Installing Asks For

When you do install apps, even when they are from a reputable source, take note of the app’s required permissions before hitting the “Install” button. Never allow an app to get Admin permissions.

Think twice about other permissions too. Why does Sonic the Hedgehog need access to your location?

Sonic the Hedghog Location Request

When considering an app for installation, vet it on the internet first. Look for reviews and other information about it. Visit the developer’s website, if they have one. (A reputable developer will always have a website.)

By doing this, you’ll get a good feel for whether or not the developer and his apps are on the up and up.

5

Keep Your Android Device Up to Date

Let’s face it: it’s not easy to make sure your device has the latest and greatest version of its operating system installed. Unlike Apple’s iOS operating system, which is available on devices manufactured only by Apple, the Android operating system can be run on devices made by thousands of manufacturers.

Android Phone Updates Checking

The mind-boggling number of available Android devices means most of the devices aren’t running the latest version of the Android OS. Heck, most of them will never be able to install a later version of the OS than the one that was installed right out of the box.

Nevertheless, try to keep your device as up-to-date as possible. And, the next time you buy a new device, consider buying one from a brand that keeps their devices updated, like Samsung’s Galaxy or Google’s Pixel handsets.

6

Install an Anti-Malware App on Your Device

​​​​Although you should already have one in place, install an anti-malware app on your device. Try to find one that offers a good balance between protection and its use of system resources. While my favorite is the one from Malwarebytes, you may find another app meets your needs better. 

Android Phone Anti-Malware App Scanning

Don’t be afraid to hit the internet and search for information on malware scanner apps. Look for reviews; there are plenty of them out there. Ask your friends what they use. Spend a little more time researching malware scanners than you did your last HDTV purchase, and you should be fine.

What We Have Learned

We’ve covered a lot in this article. We’ve covered what malware is and what the different types of malware that can afflict your Android device can do. We’ve taken a look at how malware gets on your device and how it can be detected and removed.

After all of that, we discussed what you can do in the future to keep malware off of your device. (Basically, it’s like my family doctor is fond of saying: “If you break your arm in three places, stay out of those places!”)

The Reader’s Digest condensed version of all of this is as follows:

Malware Comes Courtesy of “Iffy” Apps

Malware affects millions of users and their Android devices every year. Unlike viruses, which afflict traditional computers such as Windows PCs, malicious code that infects devices on the Android platform usually comes piggybacked onto seemingly innocuous apps.

Malware cannot replicate itself and move from device to device. Instead, it requires the user of the device to install the code. This is usually accomplished by social engineering, or by making the malicious app appear to be a useful application.

There are Telltale Signs of Malware Infection

Telltale signs of a possible malware infection are: worsening battery life, a larger-than-normal cellular phone bill, dropped or otherwise interfered-with phone calls, or worsening device performance (apps take forever to open, games and video are slow, etc.)

Install a Malware/Virus Scanning App

If you think your device might be infected by malware, install a reputable malware/virus-scanning app and use it to scan your device for any possible malicious code.

Get Rid of the Malicious Code

It’s relatively simple to remove malicious code in most cases. Usually, it takes just a few moments to delete the malware. (Occasionally, the malware might prove a bit more stubborn, but with a little more effort on your part, you can defeat it.)

Practice Safe Computing

Practice safe computing to avoid getting more malicious apps on your device. With a little care on your part by playing it smart when installing apps, you can keep your Android device clean and green.

With just a little common sense, a good anti-malware app and thinking before you install any app, you’ll keep your Android smartphone or tablet safe and sound.

4 thoughts on “How to Remove Malware & Viruses From Android Phones Phones (Oreo Version)

  1. Mine got infected the day I got it before I even left the store. They managed to send a False OTA to the phone which I am unable to get rid of. I seem to be permanently stuck with a completely hacked phone that I am merely allowed to use. It survives Factory Data Reset. It has full root access to everything under the main interface. I am stuck and nobody wants to touch or deal with a phone that is hacked.

  2. Glad to read this informative post because here you are explaining each and everything properly and describe everything for user prospective that is very cool to reading hope this is helpful for every android user when they are facing malware related issue.

  3. Im dealing with same thing chriss but it has infected 3 seperate phones via my gmail being linked and it appears to survive the factory reset it is insane did you ever figure anything out..

Leave a Comment