How to detect and clean Android malware


Is your Android phone safe from malware attacks?

Advances in mobile phones over the past few years have improved our quality of life, but they have also created new security risks. Malware can target any mobile operating system, but Android attracts a larger share because most people use Android smartphones. Security news reports malware attacking the Android operating system every day. This article explains where these attacks come from and how to protect your privacy and your Android devices.

Is it possible to install malware on Android devices?

Some users believe that their Android tablets and smartphones are completely secure. Gone are the days when hackers only targeted desktop operating systems. Today, hackers can attack any smart device, from desktop and mobile computers to televisions and smartphones. Even virtual reality gadgets, UAVs and self-driving cars are not immune to these attacks.

A brief history of Android malware

To understand the security risks in this area, we first need to look at the history of Android malware. In 2008, Google released the Android operating system, which today runs on 2.5 billion devices. At first, hackers were not very interested in Android, because it was not very popular and most users were on Windows computers. At the time, hackers were focusing on the popular Symbian operating system. From around 2010, when Android became ubiquitous, it offered fertile ground for the spread of infections. The open source nature of the operating system, along with the various Android stores that emerged, paved the way for malware to enter official Android stores.

In 2010, the first Android malware, called AndroidOS.DroidSMS.A, was detected. It was an SMS fraud program that registered a mobile phone number with SMS services without the user’s knowledge. With these services, users could choose the type of SMS they wanted to receive (news, jokes, weekly bells, etc.) and paid a fee for each SMS. When a phone became infected, the malware automatically subscribed to the services and completed the verification process. The user found out about the subscription only when the mobile phone bill arrived.

In mid-2010, another malware called TapSnake was detected. It sent the victim’s geographic location over HTTP to phones running GPS Spy.

In the same year, another malware called DroidDream was detected. It was programmed to run only between 11pm and 8am, when most users were asleep and not using their device. DroidDream was a bot that gained root access to Android devices and stole unique phone information. It could download other types of malware without the user’s knowledge and allow hackers to take control of the victim device.

Android malware gradually became widespread

From 2010 until today, there has been no sign of a decrease in the number of malware attacks on Android phones. Most Android malware, along with the kits used to build and distribute it, is published and sold on the web. More precisely, any user can enter the dark web markets and buy malware to harm others. For example, the MazelTov toolkit, also known as the APK download system, was developed and released in 2015. It was designed to load and spread malware on Android devices. MazelTov allows hackers to take control of infected devices, get various statistics on malware success rates, and even see how much profit they make from infecting devices. The toolkit sold for $3,000, payable in bitcoin.

Types of malware in the Android operating system

The Android operating system can be infected with different types of malware. The most common are as follows:

1. Trojans

A Trojan is malware that looks like a legitimate application and appears harmless. Trojans are used to collect sensitive data, spy on users, delete files, gain root access to the device, download other malware, and more.

2. Keyloggers

Keyloggers are malware that records the keys pressed on a user’s virtual keyboard. More precisely, every key touched on the phone keypad is collected by this malware. Unfortunately, this kind of malware is easily accessible on the web, and even ordinary users can find it with a simple search. It is mostly advertised under titles resembling parental control tools, and some software designers use special tricks to promote and sell it.

3. Ransomware

This type of malware is mostly found on computers, but in recent years ransomware for Android phones has also been released. Most Android ransomware encrypts files on the phone, but some can lock the phone screen. In that case, the phone displays only a message telling the user to pay a ransom in bitcoin in order to unlock it. Figure 2 shows an example of a ransomware attack targeting Russian-speaking smartphone owners. This message informs the user that they must pay 500 rubles, and that if the ransom is not paid, private content on the phone will be sent to the victim’s contacts.

4. Spyware

Spyware is another type of malware, used to eavesdrop. If you use WhatsApp, you are probably aware of the WhatsApp spyware attack, which exploited a vulnerability in the program. Hackers use spyware to gain access to information inside smartphones, such as contact lists, messages and sensitive information, and even to take control of a user’s microphone and camera.

5. Adware

If you see annoying full-screen ads on your phone while browsing the web or using an application, chances are your phone is infected with adware.

The most important Android malware campaigns identified in 2019

Important malware campaigns targeting the Android operating system are identified every year. The following are among the most effective campaigns of the last 9 months.


1. FileCoder

The FileCoder ransomware, which infects Android 5.1 and above, spreads through text messages containing malicious links. The messages try to persuade the user to download an image simulation application. Once the app is downloaded and installed, all the files on the phone are encrypted and the victim has to pay $94 to $188 to access the files again.

2. SimBad

The above campaign was identified in April 2017 and claimed 150 million victims. SimBad is adware that, according to Google, was identified in the official Google Store in 2019. The malware works in the form of an ad kit called RXDrioder, allowing hackers to show targeted ads to users. Most of the infected apps were shooting and racing games. The adware hid the app icons so that they would not be noticed and the user could not easily delete the apps. It was also able to open a specific URL in the user’s browser to display more ads.

3. Agent Smith

In July of this year, another malware campaign was identified under the name Agent Smith. The adware managed to infect 25 million Android devices by getting past security mechanisms. Agent Smith displayed various full-page ads to users, earning the hackers a sum of money for each ad viewed. The adware could identify applications such as WhatsApp, overwrite some of their code, and block their updates. The malware hid inside certain applications, and after being installed on the victim’s phone, it imitated applications such as Google Updater and began the process of replacing the code. The malware was detected in 9 reputable Android stores. Its developer managed to publish 11 applications with the same code in the Play Store.

4. BianLian

BianLian is a banking trojan whose initial version was identified last year. The original version came in the form of programs such as a currency calculator, a discount finder, a cleaner that removes annoying programs from the device, and …. After obtaining permission from the user, the malware modified key services on the victim device and went on to act as a keylogger to steal bank card information. The app behaved perfectly normally and ranked among the top popular apps in the Google Store. In July, a new version of this malware called BianLian was detected. The new version can capture the user’s screen and send the entered information, including passwords, usernames and credit card numbers, to the hacker in the form of images.

5. Monokle

Monokle is spyware that was detected in August. It has been active since 2016 and hid in fake applications that functioned similarly to the popular Skype, Signal and Evernote applications. The spyware retrieved users’ passwords and turned the user’s phone into an eavesdropping device. Recording calls and listening through the microphone are among its other malicious activities.

6. MobonoGram (Android.Fakeyouwon)

MobonoGram is a malicious program built on the open source code of Telegram. The program targeted users in countries where access to Telegram was not possible. The malware could launch itself whenever the device booted or after receiving updates. The program code contained modules for contacting command and control servers to obtain malicious URLs. Executing malicious JavaScript code, hiding request sources, click fraud, opening malicious websites, quickly draining phone batteries, and crashing phones were some of the activities of this program. From December 1397 to June 1398, researchers identified 1235 infections related to this malware family. MobonoGram received at least five updates before the app was removed from the Google Store.

How to find malware on Android phones?

Android antivirus apps can detect malware. If for any reason you do not have an antivirus installed on your phone, there are a number of warning signs that may help you detect malware.

Battery draining faster than normal

If you are using your Android phone as usual but the battery is draining quickly for no reason, the phone may be infected with malware. In some cases, malware can quickly drain the device’s battery. To check for this problem, go to the phone settings, select the Battery option, and check the applications that use the device’s battery heavily. Make sure the programs shown in this section are genuine programs and not look-alikes with similar names.

Overheating and reduced device performance

If you are using the phone the same way as before, but it heats up quickly, runs slowly or has trouble running programs, the phone may be infected with malware. To investigate this problem, look at the amount of data consumed and see which programs consume the most. Open Settings, then Data, and check all applications. If you find a program that consumes too much, delete it.

Frequent, unusual and random display of ads

Frequent display of ads, even when you are not doing anything specific, is a clear sign of an adware infection. A smartphone should not show ads for no reason. Never click on ads, even those that promise different things.

Unknown text messages and calls

If you receive text messages or calls from unknown sources, your phone may be infected. For example, you may receive a strange message from one of your contacts that encourages you to click on a suspicious link in the text message. In such cases, malware may have infected your contact’s phone and sent the message to you. For example, the FileCoder ransomware infects users via text message. Never reply to unknown calls or messages.

Unknown applications installed on the phone

If you find unknown apps on your phone that you did not install yourself, delete them immediately. Some malware, such as the fake Google Updater, tries to mimic the functions of a real application and get onto the user’s phone in complete secrecy.

Search for hidden applications

Some malicious programs are installed on the user’s phone without any icons. To find these apps, go to Phone Settings, select Applications, and search for unwanted apps. Quickly delete suspicious programs found in this section.
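
The checks in this section (unknown apps, apps that did not come from the official store, and look-alike names such as the fake Google Updater or a Telegram clone) can also be run from a computer. The following Python script is an added example, not part of the original article: it parses output in the format of adb shell pm list packages -3 -i (third-party packages with their installer). The sample output, the trusted-installer set and the list of known app names are constructed assumptions.

```python
import difflib
import re

# Installer packages treated as trusted (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}
# Well-known package names that clones imitate (illustrative list).
KNOWN_APPS = ["com.whatsapp", "org.telegram.messenger", "com.evernote"]
# Constructed sample of `adb shell pm list packages -3 -i` output.
SAMPLE = """\
package:com.whatsapp  installer=com.android.vending
package:org.telegram.messengar  installer=null
package:com.example.flashlight  installer=com.android.vending
package:com.example.updater  installer=com.example.market
"""
LINE_RE = re.compile(r"^package:(\S+)(?:\s+installer=(\S+))?")

def parse_packages(text):
    """Return {package: installer or None} from `pm list packages -i` lines."""
    packages = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            installer = match.group(2)
            packages[match.group(1)] = None if installer in (None, "null") else installer
    return packages

def lookalike_of(package, threshold=0.9):
    """Return the known app this name nearly matches, or None (exact match is fine)."""
    if package in KNOWN_APPS:
        return None
    close = difflib.get_close_matches(package, KNOWN_APPS, n=1, cutoff=threshold)
    return close[0] if close else None

def triage(text):
    """Return {package: [reasons]} for packages that deserve a manual look."""
    findings = {}
    for package, installer in parse_packages(text).items():
        reasons = []
        if installer not in TRUSTED_INSTALLERS:
            reasons.append("installed by " + (installer or "unknown source"))
        target = lookalike_of(package)
        if target:
            reasons.append("name resembles " + target)
        if reasons:
            findings[package] = reasons
    return findings

for package, reasons in triage(SAMPLE).items():
    print(package, "->", "; ".join(reasons))
```

A flagged package is a prompt for manual review in Settings, not proof of infection: apps installed from a vendor store or directly over adb will also show an untrusted or empty installer.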

How to prevent malware from being installed on an Android phone?

If we pay attention to some security points, hackers cannot easily infect our Android phone. The important points to pay attention to are the following:

1. Set the phone password in the form of pins, patterns or bio factors.
The first security point that you must observe in connection with any Android device is to set a strong password or a visual pattern. If the phone supports biosensors, it is best to use your fingerprint to unlock the phone.

2. Set the screen to turn off after less than 30 seconds of inactivity.
This will ensure that if you leave your phone somewhere, it will lock quickly and no one will have access to it.

3. Do not root the phone
Users root (unlock) their phones to install unofficial applications and to install operating system updates themselves. Unfortunately, this can lead to many security issues, so do it only if you are an expert.

4. Get applications only from reputable stores
Downloading applications from miscellaneous and unknown stores doubles the risk of infection. Google uses powerful security mechanisms to evaluate applications. An app that is downloaded and installed from an unofficial store bypasses Google’s security mechanisms.

5. Remove unused programs
Take some time and delete unused programs. Unused applications not only create security holes, but in most cases also use up your Internet data allowance early by consuming bandwidth to receive multiple updates.

6. Be careful installing apps
In some cases, users download Android apps from third-party stores, and some of these stores play tricks. The user wants to install an application, but the store puts the link to another application first and the link to the intended application after the promotional link. The user installs the other application, realizes the mistake, goes on to download and install the intended one, and unfortunately does not delete the first.

7. Pay attention to the assigned permissions
Some applications ask for access to the user’s list of numbers, photos and contacts, even though their functionality has nothing to do with this data. Programs of this kind are designed to track users’ activities; it is better not to install them.

8. Update the operating system
Updates to the operating system and applications are important because updates are offered to provide new features and patches.

9. Encrypt phone information
Encrypting information on the internal storage and memory card prevents personal information from being easily stolen. To encrypt, go to the Security section of the phone settings. Note that the encryption and decryption process will drain the phone’s battery faster. It is best to do this while the phone is charging.

10. Follow the security news
Check the news about newly released malware to get enough information about new hacker tricks and ways to deal with them.

11. Use a good antivirus
A good antivirus protects your phone against hacker attacks. Thor Mobile Security is one of the powerful options that detects and removes malware before the phone is infected. This antivirus checks the URLs before opening and if it finds something suspicious, it prevents a site from opening.
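
Point 7 above (permissions unrelated to what an app does) can be checked systematically. The following Python script is an added example, not part of the original article: it reads text in the layout printed by adb shell dumpsys package and reports sensitive permissions that were granted beyond what the reviewer expects each app to need. The sample dump, the package names and the EXPECTED table are constructed assumptions.

```python
import re

# Permissions behind the data the article names: contacts, photos, messages, mic, camera.
SENSITIVE = {"READ_CONTACTS", "READ_SMS", "SEND_SMS", "READ_CALL_LOG", "CAMERA",
             "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "READ_EXTERNAL_STORAGE"}

# Reviewer's view of what each app legitimately needs (hypothetical entries).
EXPECTED = {"com.example.flashlight": {"CAMERA"},
            "com.example.messenger": {"READ_CONTACTS", "CAMERA", "RECORD_AUDIO"}}

# Constructed excerpt in the layout of `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
  Package [com.example.flashlight] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
  Package [com.example.messenger] (4d5e6f):
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
"""
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*android\.permission\.(\w+): granted=true")

def granted_permissions(dump):
    """Return {package: set of granted permission short names}."""
    granted, current = {}, None
    for line in dump.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)
            granted[current] = set()
        elif current and (perm := PERM_RE.match(line)):
            granted[current].add(perm.group(1))
    return granted

def excess_permissions(dump, expected=EXPECTED):
    """Return {package: sorted sensitive permissions granted beyond the expected set}."""
    report = {}
    for package, perms in granted_permissions(dump).items():
        extra = (perms & SENSITIVE) - expected.get(package, set())
        if extra:
            report[package] = sorted(extra)
    return report

print(excess_permissions(SAMPLE_DUMP))
```

A package missing from EXPECTED is treated as needing nothing, so every sensitive permission it holds is reported.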

How to remove malware on the phone?

Cleaning up malware is the job of antivirus software, but in some cases you may have to do it yourself. Undoubtedly, the best way to remove viruses from your Android phone is a factory reset, but this will erase all information on the phone, including personal information. In general, to remove malware from your Android phone, follow these steps:
1. Launch the phone in safe mode.
2. Remove suspicious, unused or old programs.
3. Install a reliable antivirus on your phone. Google Play Protect is a powerful security mechanism, but it still has its drawbacks. Google Play Protect was tested by AV Comparatives Lab in July of this year and received a score of 83.2% with 28 false positives. That’s why it’s best to consider a powerful antivirus.
