The number of Android apps infected with malware in Google’s Play store nearly quadrupled in the last years. Make no mistake about it, there is such a thing as Android malware, cyber criminals create malware-spreading apps in devious attempts to steal personal details and advertisers use it as a marketing channel by bundling pushy ads with apps. In the first case, the users’ mobile security is clearly compromised. In the second one, the ad-app bundle is seldom mentioned, so users who download it unknowingly face a mobile privacy threat.
Can my Android phone get a “virus”?
So what about malware? Should we be worried? The key thing to remember about malware on Android is that you have to actually install the malicious app. Malware writers will use increasingly clever techniques to try and trick you into doing just that.
As malware writers try to earn money for their bad deeds, they continually look for new ways to get their malicious software installed on your devices. The best recommendation is still to think twice before installing untrusted software or clicking on strange-looking links.
Apps designed to personalize people’s Android-based phones are most susceptible to be compromised, as well as entertainment and gaming apps. Some of the most malicious apps in the Google Play store downloaded since 2012 were Wallpaper Dragon Ball, a wallpaper app, and the games Finger Hockey and Subway Surfers Free Tips.
Both Wallpaper Dragon Ball and Finger Hockey, have malware that steals confidential information such as device IDs from infected devices. Subway Surfers Free Tips, meanwhile, uses a Trojan called Air Push to bypass a device’s security settings and subscribe infected phones to premium services
When downloading apps it’s imperative that you only do so from a legitimate app store; that means from companies like Google Playstore, Amazon, Samsung, or another major manufacturer or carrier.
These marketplaces are monitored and scanned for potentially dangerous or fraudulent programs. On occasion, however, malicious apps sometimes slip through the cracks, often disguised as legitimate ones. A fake BBM app recently appeared in the Google Play store and managed to secure more than 100,000 downloads before being removed. The app itself was nothing more than a spamming service.
Pirated or cracked apps are another way that cybercriminals use to infected Android phone with malware. They get legitimate Android application package (APK) file and binding it with a malicious program is a relatively simple process to infect the Android phones. Most pirated or cracked apps usually contain some form of malware so we advise you not to install such apps.
What can an Android malicious app do?
The vast majority of malware on Android is focused on stealing your information, which is obviously a major concern. Perhaps the worst case scenario at the moment is malware that sends SMS messages to premium rate numbers.
Unfortunately, as we mentioned before, malware writers are employing ever more sophisticated techniques to fool you. There are apps that clone legitimate apps to fool you into downloading them and apps that are malware free when you first install them, but download malware through the update system.
As a way to make revenue, advertising companies are getting more and more aggressive by including functionality in their apps to display ads in the notification bar, adding bookmarks, or creating search engine shortcuts to the home screen. These advertising apps can also send off personal data pertaining to your device or account and will often require more permissions to access functionality of your device than the free app you downloaded requires.
The most common Android malicious apps will do at least one of the following:
- Collect and send GPS coordinates, contact lists, e-mail addresses etc. to third parties
- Send SMSs to premium-rate numbers
- Subscribe infected phones to premium services
- Record phone conversations and send them to attackers
- Take control over the infected phone
- Download other malware onto infected phones
- “Push notifications ads” delivering alerts to a phone’s notification bar – when the user swipes to pull down the notification bar from the top of the screen, an ad shows up under Notifications.
- “Icon ads” inserted onto a phone’s start screen – when the user touches the icon, it usually launches a search engine or a web service.
How to remove malware from Android devices (Removal Guide)
This page is a comprehensive guide which will remove redirect and pop-up ads from your Android device. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.
To remove Pop-up Ads, Redirects or Virus from Android Phone, follow these steps:
- STEP 1: Uninstall the malicious apps from Android
- STEP 2: Use Malwarebytes for Android to remove adware and unwanted apps
- STEP 3: Clean-up the junk files from Android with Ccleaner
- STEP 4: Remove Chrome Notifications spam
- (OPTIONAL) STEP 5: Reset your router to the factory settings
STEP 1: Uninstall the malicious apps from Android
Android phone will get infected with viruses from a malicious app that is installed on the smartphones. In this first step, we will try to identify and uninstall any malicious app that might be installed on your Android phone.
Open your device’s “Settings” app, then click on “Apps”
To uninstall the malicious app from your Android device, go to the Settings menu, then click on Apps or Application manager (this may differ depending on your device).
Find the malicious app and uninstall it.
The “Apps” screen will be displayed with a list of all the apps installed on your device. Scroll through the list until you find the malicious app.
In our case the malicious app is “BaDoink” however this will most likely be different in your case. These are some known malicious apps: BaDoink, Porn-player, Browser update 1.0, Flash Player, Porn Droid or System Update.
Other apps which are not malicious, however are known to display unwanted ads are: Peel Smart Remote, ES File Explorer, Xender, Amber Weather Widget, GO Weather Forecast & Widgets, Kitty Play, Touchpal, Z Camera.
If you see any of the above apps, you should uninstall them.If you cannot find the malicious app, we advise you to uninstall all the recently installed applications.
Click on “Uninstall”
Tap on the app you’d like to uninstall.This won’t start the app, but will open up the program’s App Info screen. If the app is currently running press the Force stop button. Next we will clear the cache and data, and we will uninstall the unwanted app.
If the Uninstall button is grayed out (this may happen if your phone is infected with the Android Screen Locker malware) then go to:
- First tap on the Clear cache button to remove the cache.
- Next, tap on the Clear data button to remove the app data from your Android phone.
- And finally tap on the Uninstall button to remove the malicious app.
1. Settings > Security > Device administrators.
2. Tap the app that you cannot uninstall.
3. Choose “Deactivate” > “OK” and immediately shutdown your device.
4. Start your device again and then uninstall the malicious app.
Click on “OK”.
A confirmation dialog should be displayed for the malicious app, click on “OK” to remove the malicious app from your Android phone.
Restart your phone.
Restart your Android device to complete the removal process.
STEP 2: Use Malwarebytes for Android to remove adware and unwanted apps
Malwarebytes is one of the most popular and most used anti-malware app, and for good reasons. It is able to destroy many types of malware that other software tends to miss, without costing you absolutely nothing. When it comes to cleaning up an infected device, Malwarebytes has always been free and we recommend it as an essential tool in the fight against malware.
The first time you install Malwarebytes, you’re given a free 30-day trial of the premium edition, which includes preventative tools like real-time scanning and anti-theft features. After 30 days, it automatically reverts to the basic free version that will detect and clean up malware infections only when you run a scan.
You can download Malwarebytes by clicking the link below.MALWAREBYTES DOWNLOAD LINK
(The above link open a the Google Play Store from where you can download Malwarebytes)
Install Malwarebytes on your device
In the Google Play Store, tap “Install” to install Malwarebytes on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android.
Follow the on-screen prompts to complete the setup process
When the Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through the Malwarebytes for Android takes you through a series of permissions and other setup options.
This is the first of two screens which explains the difference between the Premium and Free version. Swipe this screen to continue.
Click on “Got it” to proceed to the next step.
Malwarebytes for Android will now ask for a set of permissions which are required to scan your device and protect it from malware. Tap on “Give permission” to continue.
Tap on “Allow” to give permission to Malwarebytes to access the files on your device.
Update database and run a scan with Malwarebytes
You will now be prompted to update the database and run a full system scan.
Click on “Update database” to update the Malwarebytes anti-malware definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your devices for adware and other malicious app. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malicious apps that Malwarebytes has found, click on the “Remove Selected” button.
Restart your devie.
Malwarebytes will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the malware removal process is complete, you can close Malwarebytes and continue with the rest of the instructions.
STEP 3: Clean-up the junk files from Android with Ccleaner
In this step we will clean the cache of your device with the Ccleaner application. CCleaner is a free app, which will help us clean up your device from junk files.
You can download Ccleaner by clicking the link below.CCLEANER DOWNLOAD LINK
(The above link will open a new page from where you can download Ccleaner)
Install Ccleaner on your device
Click on the “Install” button, and when the app permissions will be displayed click on “Accept” to install Ccleaner on your device.
Ccleaner will be installed on your phone, this will only take a few seconds. When Ccleaner has finished installing, open the app
Click on “Analyze”
To perform a system scan with Ccleaner, click on the “ANALYZE” button .
Clean your device from junk files
Ccleaner will now start scanning your device for junk files. The scan may take a few minutes depending on how many apps you have installed.
When analysis is completed, tap to mark the check-boxes next to “History” & “Cache”. You may also want check any other application that your want to delete its cached content.
Tap on the “CLEAN” button remove all the junk files from your Android device.
(OPTIONAL) STEP 4: Remove Chrome Notifications spam
Chrome notifications are great, however cyber criminals are tricking Android users into subscribing to different sites push notifications so that they can send unwanted advertisements to their phones. In this step, if you’re experiencing this type of issues, we will stop these malicious sites from displaying annoying notifications on your device.
On your Android phone or tablet, open the Chrome app.
Go to the”Settings” menu.
Tap on Chrome’s main menu button, represented by three vertical dots. When the drop-down menu appears, tap on the option labeled “Settings“.
Tap on “Site Settings”.
Chrome’s “Settings” menu should now be displayed, scroll down to the “Advanced” section and tap on “Site Settings“.
Tap on “Notifications”.
In the “Site Settings” menu, tap on “Notifications“.
Find the malicious site and tap “Clean & Reset”.
The “Notifications” options will open and you will be presented with a list with sites that you have “Blocked” and “Allowed” to send you notifications. In the “Allowed” section, scroll through the list until you find the site that’s bugging you with notifications, then tap on it, then click the “Clean & Reset” button that appears on the bottom on the window.
Confirm by clicking “Clean & Reset”.
A confirmation dialog should now be displayed, detailing the actions that will be taken should you continue on with the reset process. To complete the clean-up process, click on the “Clean & Reset” button.
OPTIONAL: To prevent this type of issue in the future, in the “Notifications” section you can switch the toggle from “Ask before allowing to send notifications” to “Blocked“.
(OPTIONAL) STEP 5: Reset your router to the factory settings
This step is optional, and is recommended only if you suspect that you router might be infected with malware.
In recent attacks, cyber criminals are infecting the router to redirect the Android devices to different websites. Resetting the router to the default settings may remove the malicious redirects, however you will need to reconfigure all the settings.
When you reset your router the following settings are changed:
- Router username and password
- Wi-Fi username and password
- ISP username and password
- Any port-forwards you have set up
- Any firewall settings you have made
- Basically, any configuration changes that you have made to your router.
If you do not know how to configure a router, you should not perform this step.
Press the “Reset” button for 30 seconds
To reset your router find the tiny reset button usually located at the back of the router. While the router is on, use a pin or the end of a paper clip to press and hold the reset button. You will need to hold if for about 30 seconds.
Reconfigure your router settings
Reconfigure all the settings of your router (example: ISP username and password, Router username and password)
If you are still experiencing problems while trying to remove malware from your Android device, please do one of the following: