Android malware can be tricky to spot. For instance, a mobile app called Ads Blocker advertised itself as a useful service for cutting back on pesky mobile ads, which can pop up to cover your screen just when you’re about to access something important. In reality, the app was malware that just served up more ads, according to security researchers.
It’s just one example of malware that can frustrate Android users, plaguing them with ads that the creators get paid to display, even when users are looking at unrelated apps. Malware often also harvests fake clicks on the ads, doubling up on the value of their malware.
“They’re making money,” said Nathan Collier, a researcher at Malwarebytes who helped identify the bogus ad blocker in November 2019, “and that’s the name of the game.”
Researchers say adware like Ads Blocker is the most common type of malware on Android devices. However, other malicious apps can do worse things than make your phone so frustrating to use that you want to Hulk out and crush it — like steal personal information from your phone.
Malware can be disorienting, getting in the way of how you normally use your phone and making you feel uneasy even if you aren’t sure what’s causing the problem. It’s also very common; Malwarebytes says it found close to 200,000 total instances of malware on its customers’ devices in May and then again in June. So how do you know if you have malware on your phone, and how can you stop it? Here are some takeaways from mobile malware experts on what you can do.
Mobile malware typically takes one of two approaches, said Adam Bauer, a security researcher for mobile security company Lookout. The first type of malware tricks you into granting permissions that let it access sensitive information.
That’s where the Ads Blocker app fits in, and many of the permissions it requested sound like something a real ad blocker would have need. Unfortunately, they also let the app run constantly in the background and show users ads even when they were using unrelated apps.
The second type of malware exploits vulnerabilities in phones, gaining access to sensitive information by giving itself administrator privileges. That reduces the need to get users to click “OK” on permissions requests, making it easier for malware to run without users noticing its presence on the device.
Here are signs you have malware on your phone:
These are all worrying signs that mean you should investigate further.
Another type of malware is ransomware. Victims typically see their files locked away and unable to be used. Typically, a pop-up demands payment in bitcoin to get them back. Thankfully, most Android ransomware can only lock up files on external storage such as photos, Bauer said.
Besides making you miserable with constant ads, mobile malware can access private information. Common targets include:
Hackers can use this information for a variety of malevolent tasks. They can commit identity theft with your banking credentials; they can sell your device and contact information until you’re flooded with robocalls, texts and, oh yeah, more ads; and they can send links for more malware to everyone on your contacts list.
If you suspect your information has already been caught up in the robocall machine, you can see what your phone carrier offers to help keep the annoying phone calls to a minimum. For example, customers of T-Mobile, Sprint and MetroPCS will have access to Scam Shield, a free app announced in July.
Whether you think you already have malware on your Android device or you just want to protect yourself, there are clear steps you can take.
First, keep your phone’s software updated. Security experts consistently rank a current OS and updated apps as one of the most important steps users can take to protect their devices and accounts. If you already have malware running on your phone, software updates from your phone maker — say Android 10 or the upcoming Android 11 — can patch vulnerabilities and cut off the access the malicious software enjoyed. Updates can also keep malware from working in the first place.
Next, review what permissions your apps have. Does a game app have the ability to send SMS messages? That’s probably unnecessary and could be a red flag, Bauer said. Keep this in mind when installing apps in the future, too.
You can also consider installing antivirus apps. These services can sometimes slow your phone, and they do have heightened access to your phone in order to spot malicious behavior and warn you, so you have to choose one you trust. And you’re likely to want to choose the paid option if you can, both to unlock all the best features and to avoid seeing even more ads.
The apps can warn you about malware on your phone and offer you customer service when you need to deal with something nasty. At the very least, you can use a well-known program like Malwarebytes, Norton, Lookout or Bitdefender to scan your device if you think you already have malware installed.
Finally, you can get rid of or avoid Android apps downloaded from third-party app stores. These apps don’t go through review by Google and can more easily sneak malicious software onto your phone. Google doesn’t catch everything, as reports about malicious Android apps being removed from the Play store show, but sticking to the Google Play Store — and having a direct outlet to report problems you encounter — is a further line of defense.