Help! My Android has malware!

What to do if you think you've got an infected Android phone or tablet
We've talked about antivirus apps for Android a little, specifically whether you really need to use one at all. It's a good thing to talk about and sort through all the FUD and nonsense about malware on our smartphones and tablets.
Today, we're going to talk about what to do if you think you might be infected by malware. There's always plenty of discussion (and sometimes a bit of fear-mongering) about how to prevent malware on Android, but very little about what to do if it happens to you. Prevention is still the best idea, whether it's from careful monitoring of the things you do or by using an app to monitor for you, but you can survive a malware attack.
First, a word about Android "viruses"
Viruses do not exist for Android. The name gets used a lot, but technically there has never been a virus found to affect Android, and without some sort of crazy unknown exploit there never will be.
A virus is a bit of self-replicating executable code that can do its dirty work on one machine (yes, our Androids are machines) and also has the ability to automatically transmit itself to other machines. The way Android (and iOS, and some computer operating systems) is sandboxed means this can't happen. At least in theory.
To get malware on your Android, you have to have given it the OK to install itself. This doesn't mean that you said "Cool! Let me install this app that steals my data!" Malware is usually hidden inside something you want to install, or something you're tricked into installing.
Just know that you're not going to get malware from visiting a website or reading a message. You need to actually install it and approve the installation during the process.
Here's what to do if malware bites you
- Don't freak out.
Damage is already done if there is going to be any damage, and doing something silly like destroying your phone isn't going to undo anything. Your goals now are to remove the malware, and try to prevent any further data theft or loss. Then you go back and address what may have happened.
- Identify and remove the malware if you can.
There is no need to be embarrassed. Malware happens sometimes if you're not careful.
Shut your Android off and, if you can, use another computer to do some research. You'll want to install and run one of the many Android AV apps (here are some free ones) to see if you can find any malware and get it removed. Read what we have to say about the various applications, read the forums to see what other folks have to say about the different Android AV apps, and decide which one you think is the best. Turn your Android back on, install it from Google Play, and let the app do its thing.
- Assess and address any damage
Never assume that you get away from something like this with no ill effects. Call your bank and change your online credentials. Do the same for your credit card companies, and get new cards sent with different numbers. Change the password for your Google account. Do the same for any other online accounts, like Yahoo or Microsoft or PlayStation or Android Central. If you see anything that looks like you didn't do it — credit card charges, crazy postings on Facebook, or wire transfers from your bank to anywhere — be sure to let the people in charge know that it wasn't you who did it and that you had a bout with some malware during those dates. It happens. There is no need to be embarrassed about it and you'll find that people are willing to assist you any way they can. That's because they have seen it often enough to know that one day, they may be in your situation.
- Change some habits, maybe.
You might never be able to find out just how you got your phone or tablet infected, but you can evaluate if you need to do things a little differently to minimize the risk of it ever happening again. Maybe you need to stop using pirate app stores, or stop clicking "yes" without reading what you're agreeing to, or stop installing random email attachments. Nobody is blaming you for getting infected, but you're the only one who can prevent it from happening again.
Help! That didn't work!
First, see the top bullet point above and don't panic. You might not like doing it, but know that a factory reset will remove any malware you have inadvertently installed and kill it with fire.
If you have reason to believe your Android is infected but normal Android AV apps aren't finding anything, your last course of action is a factory wipe of all your data. This means all of your data, and the only thing you'll have left is what's backed up online (think Google Play Games services) and media like pictures. We want to remove any and everything local that might be executable.
Back up all your pictures (and music and videos) to your Google account. Google+ is a great place to store your pictures, drop your videos in your YouTube account, and you can store up to 20,000 songs in your Google Play Music account. Utilize this free space Google gives you, even if it's just to store a few things while you pour digital bleach on everything.
Take the SD card out of your phone if it has one. Visit a computer (or a friend with a computer) and wipe and repartition it using the built-in software for disk management. Don't save anything — you need to be brutal to make sure anything nasty gets nuked.
On your Android, go into the settings and look for the backup and reset options. You want to perform a full factory reset of all your data, including any local storage space. Let it do its thing, and when you set it back up be sure to not restore any backed up data from your Google account.
You still want to change passwords and contact your credit card companies. You also want to take a close look at the way you do things to try and prevent this from happening again. None of that changes.
If you rooted your Android
If you rooted your Android, you may have bigger issues here. Forget the app sandbox, forget Google's Bouncer, and throw out most of the rules that apply to people who didn't root their phone. The solution is simpler, but more brute-force.
Back up your media as described above. Next, go into a custom recovery and wipe everything. Flash a completely new ROM.
If you don't have a custom recovery installed, or one isn't available for your phone, talk to the guys and gals who are hacking and developing custom software with the same phone that you're using.
Going through the pain of a factory reset then finding out that some malware is written to the system files and not your user data means you did everything in vain. Take a few minutes to talk to other people with the same hardware as you.
Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.
-
Thanks Jerry. I always appreciate your articles! Rocking the Note 4
-
+1 Posted via Android Central App on Nexus 7 (2013)
-
+1 Posted via the Android Central App
-
In short, just don't download questionable apps and there is no need for "antivirus." Posted via my bloatware and needless skin free Nexus 6!
-
Yep. Posted via Android Central App
-
This sums it up. Posted via the Android Central App
-
Exactly, that's where malware usually stems from. But if you're doing questionable habits then you probably deserve getting it. Posted via the Android Central App
-
There's no reason to have one if you're not rooted. And if you are, you probably know what things not to install and grant root permissions to.
-
There is a need for Anti virus, if you don't know the reputation of an app.
-
My Android phone is badly affected by a malware virus. I tried all the factory data resets and nothing happens. I am seeing battery control and I cannot uninstall it because the uninstall is greyed out.
-
If it ever happened to me I'd figure a full wipe would fix any issues.
-
Good info. What I find annoying is all those random pop-ups you get when browsing saying your device has been infected, or even non-scary stuff like your memory is full, and you know someone will press yes and install what it wants. I wish Google could somehow stop this. Posted via the Android Central App
-
That has a lot to do with the websites you are going to sir.... Posted via the Android Central App
-
I get those messages on news sites, podcast sites like Nerdist, and so on. They have increased 100 fold in 2014 it seems. Wish Google would create a permanent "Full Site" setting in the Chrome app so websites cannot see that you are on Mobile. And it is all because of Mobile direction on sites. I wish sites would stop having Mobile Versions at all. Phones from 2011 and forward can handle full sites mostly, except for sites that still use Flash. Plus you don't get all the options a full site offers that seem to be left out on mobile versions.
-
I've seen it pop up on sites like Phonearena Posted via Android Central App using galaxy s4
-
All your banks will probably appreciate the heads up that something may happen. Helps them to stay on top of it as it occurs. Posted via the Android Central App
-
True getting malware is possible but only through irrational decisions like downloading some sketchy app/thing. All it takes is a little bit of common sense.
However, I'm so tired of people who twist things; equating malware on android as easily attainable like on a PC a decade ago. :(
-
I know Jerry probably knows this and is just using the terminology as a way to get his point across quickly, but rooting and having a custom recovery, while they do go hand in hand in most cases, are completely independent from each other. (You can be rooted with every thing else stock and you can have a custom recovery with no root access)
-
Help! Someone asked me if this was an iPhone 6 plus! Who would do that? Oh my Posted via Nexus 6
-
I got asked if mine was a note the other day... I was like na, its an extension of my soul. Posted via the Android Central App
-
Or you can save yourself the hassle and just have an app that protects against malware and anti-virus protection in the first place. Posted via my Samsung Galaxy Note 4.
-
The first fuckin sentence. All you had to do was read the first fuckin sentence and you couldn't even do that.
-
Not only does phonefanatic2014 have unpopular opinions, but it turns out he can't read either. Posted via the LG G3
-
You probably need to go back to school because opinions are neither popular nor unpopular. That is why they are called opinions in the first place. You must have dropped out after third grade? Posted via my Samsung Galaxy Note 4.
-
There is really no need to use curse words on this board. Not my fault my opinion upsets you. Posted via my Samsung Galaxy Note 4.
-
Thanks Jerry. I don't think my phone has ever had any malware beyond some annoying adware. But if it ever happens, now that I've read your article, I won't use a hammer on it.
-
Great app
-
Hmmmn... Isn't Lookout already on Samsung devices... Anywho... I just download apps etc from app store... No viruses or malware here.. Posted via the Android Central App
-
I find it easier and much more satisfying if you just shoot your infected phone and get a new one.
-
Lol Posted via the Android Central App
-
Personally I think the elephant in the room that gets glossed over are unnecessary permissions performing as malware does. For me the worst part of Android is not being able to decline individual permissions separate from the app itself. Posted via the Android Central App
-
Not being able to deny permissions. Coming from BlackBerry where you can do this, I completely agree. Posted via AC App from my S4 mini WITH an LED CrackLight ;-)
-
Tin foil hat- check, Tin foil jacket- check
Tin foil pants- check Posted via the Android Central App
-
Typical fanboyism when a shortcoming is pointed out, like saying foul!
No tin hat needed here, it's not fear driving my sentiment. Yours however does require faith.
For me eyes wide open. Posted via the Android Central App
-
I'm not sure if you mentioned safe mode? It is useful if you get an app which for example is a device admin and closes settings each time you try to go there and uninstall it. You have to hold down the power off button (onscreen) from the power menu and an option will pop up.
Safe mode only shows the preinstalled apps, but you can get rid of others. Posted via the Android Central App
-
Cool thanks! I had totally forgotten about safe mode (since it was Nexus-only when it first appeared, and then of course by the time other phones got the android version with safe mode, it was a mostly-forgotten topic). Works on my Japanese Xperia phone ^^
-
Actually, I wasn't aware that such apps exist. Just today I got a weird comment (translated from Russian) that my app saved him :
"That'S Perfect! Only with the help of this program was able to remove the virus file as an administrator! Thanks you."
I didn't understand what he was talking about, since I never intended for this to help uninstalling problematic apps (I made it to make it easy to uninstall any app).
I wonder if my app can really help in this. Which problematic app do you know that does this? I will try it out myself.
This is my app btw: https://www.androidcentral.com/e?link=https2F2F...
-
The first thing you should always download on your phone or tablet is anti virus software.
-
Why? I've never had any antivirus software on any of my Android devices. I've also never had any malware on said devices. As long as you are careful with your installing habits you will be fine.
-
Exactly. I've never seen one and been rooting and romming since 2008 very actively...have yet to see actual malware or virus on Android much less be infected. It's total hyperbole. Posted via the Android Central App
-
No no no....NOT necessary whatsoever. I've been rooted and flashing ROMs for many years and have yet to see or be infected by malware and I've flashed a TON of ROMs and am very active on XDA. Sure some of these apps offer other features (Avast for instance had theft protection enhancements) but I'd never download much less buy an app for malware or antivirus until they actually are a threat (if they even exist).
Sure you can have problems of course (they're computers after all) but 99.9999% of issues people have is mods and apps conflicting and or not knowing what they're doing when flashing and side loading apps etc. Posted via the Android Central App
-
*pours gas* Here's a solution...buy an iPhone. *lights match* No malware on iOS. *watches fire*
-
iPhone??? Oh yeah, that's that thing that can't do the simplified task an entry level Android can. (Apps being able to talk to other apps) CM12 GS3
-
Extensibility?
-
Help ASAP. I was downloading an apk of Fifa 14 since it was taken off the Play Store, so it took me to adfly and on the bottom there was pornography and I ignored it, clicked skip ad and installed the apk, when it suddenly froze and forced a thing that says FBI, I have to pay $500, and it won't let me turn it off, click home, exit or anything, only that app works. So I believed it, so I called the cops and they said it was spam, and then I read this, so what do I do? It won't turn off or anything, only that pop-up works, telling me to pay $500. I have the HTC One M8, please help ASAP
-
On my Android device (Infocus M2 3G) AVG Security & 360 Security have detected some malware in my system apps. All these security apps fail to delete the harmful app. What can I do?
-
I was given an HTC 4G With Google smart phone. But am unable to use it.
A message that says "Attention! Your device has been blocked for safety reasons listed below. All the actions performed on this device are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO::...followed by a shit ton of warnings etc.. BUT they will fix it for $500.00...And it says you can use PayPal or credit card... I was told that it in itself is a scam for money and the block can be removed easily yourself... it has FBI warning n blahhhh... I just really like the phone and would like to activate it through Verizon.. which is the company it is from.. as it reads Verizon at the top of the phone.. Just throwing this out there hoping someone knows if it's fixable or just junk now.. and HOW TO FIX.. FREE.. I have a phone so if it can't be fixed.. like factory reset for free or something.. I will just toss or donate it... But I'm hopeful that one of you has good news or how to rectify this problem. THANKS IN ADVANCE TO ALL THAT READ N TRY TO HELP...
-
Tried all the things as mentioned on my Galaxy Tab 2, some apps still exist, tried flashing different custom ROMs, hard reset it but it didn't go yet. Any help regarding this?
-
How can I tell if my Android has malware?
-
I think I have malware on my Samsung Galaxy Tab2 7.1. Can't get past a screen to do anything. No drives to load malware discs etc can you help
-
I had same thing happen when my son was on my phone. I just used a different app to go on the Internet. Then one day it showed the no# of pages opened I deleted all of them and it cleaned it all up and was able to use all of my Internet apps again, ie; chrome, google, bing, etc. And trust me I am not tech savvy....I'm one of the dumb-asses that installs dumb-ass stuff but never seem to get screwed w/malwares-viruses, etc. Oh, and my phone is a note4.
-
Please I have a virus on my phone (maybe a trojan) I can't access my phone when I'm resetting my android again is that virus! Please help
-
Hi all, I would require some help. I have received the android pop up virus many times. Each time it states that my android is infected. Whenever I see it, I just either press back and carry on or just close the page on my android. Is there any risk I'm taking by doing this?
Any advice is much appreciated.
-
Uninstall bluetooth app sender immediately...
You are done. No need to download anything, not even from Play Store you will find help.
There's no anti-malware that can detect this.
I tried Malwarebytes, it failed.
I tried several others according to their ratings, they all failed to identify the root cause of the ad, not until I managed to detect that it's the diagonal shaped bluetooth app sender that was doing it.
Since I uninstalled it and deleted its residual files, my S5 has remained free from annoying pop-up ads.
-
TrustLook has picked up stuff even Malwarebytes didn't so this is my protection scanner by choice and sensitivity.