22/02/2022

Android Malware: An underestimated problem?


Android malware figures

During the corona crisis, criminal hackers also attacked smartphones and tried to install malware on the devices. Figures from G DATA show that a new Android app containing malware is released every eleven seconds. However, hidden behind the practical overview with real-time information on current infections, users download adware or, in the worst-case scenario, even ransomware onto their mobile device. The attackers continue to keep up the pace of the attacks. The total number of known Android malware samples since the discovery of the first malicious app over ten years ago is over 25 million. Cyber criminals are also increasingly using so-called droppers for mobile malware. A dropper is an installation file for an Android app which in itself has no malicious routines. Instead, it downloads and installs malicious "Android packages" only during a second stage.

How does Android malware infect your phone?

  1. Malicious apps
    Downloading a malicious app is a common way to get infected with malware. Cybercriminals disguise malware as popular or new apps and distribute them through app stores.
  2. Infected links
    Hackers often send emails or text messages with links to infected web pages. Clicking on them can download malware.
  3. Malvertising
    Malvertising is the spreading of malware via dubious online advertisements. If you click on such an advertisement, your phone may become infected.

Signs of mobile malware

Besides your G DATA Mobile Security app (see later), which will warn you in advance, there are some other warning signs that may indicate that your Android phone is infected with malware. Let's look at each signal separately:

  • Is there an app on your phone that you don't remember installing? The design of unknown apps may indicate malware.
  • Delete any apps you don't recognize. However, be very careful, as this may cause some problems for the system itself.
  • If apps on your phone freeze frequently and for no apparent reason, your phone may have run out of storage space or memory. It might also have been attacked by malware.
  • Have you noticed an unexplained increase in data usage? If you are not using your phone in any other way than usual, this may be due to malware.
  • Some malware increases your phone bill by sending a lot of messages to premium service numbers. An unexpectedly high bill could indicate malware.
  • Pop-ups and ads are never welcome. If you see pop-ups when your browser is closed, your phone might be infected.
  • Malware can drain your battery. A phone that keeps turning off unexpectedly may indicate malware.
  • Is your phone overheating all the time? Malware activity can also make your phone hotter than usual.


With all that being said, there is one caveat. Many of the above signs might have nothing to do with malware. Before jumping to a conclusion, all other explanations need to be ruled out. Each indicator must be viewed in context: if your phone drains its battery a lot faster than it used to, then this might also be a sign that the battery is aging. This is likely to happen in devices that are maybe two years old or older. Batteries age chemically and do not hold a charge as well as they get older. This is completely normal – after all, in most cases the devices are rarely powered off, if at all, and they are undergoing continuous charging and recharging cycles. The result is: whereas you could use the phone all day when it was new, a year or two later you might only get until the early evening before needing to plug it in. This is a gradual process. So, if your brand new phone only lasts half a day on a full charge, this might warrant a closer look into the possibility of a malware infection.

 

How do I remove a malicious app on Android?

In most cases this is a very easy job, as you can quickly identify and remove malicious apps with the G DATA mobile security app.
In the very rare case where a mobile malware sample gets through all the defenses, you might go for the manual method. The only cases where I ever saw this method being needed were a couple of mobile ransomware samples. But this manual method can be tricky and time-consuming (for non-technical users) if you don't know how it works.
If you want to try, here is how to manually remove a malicious app from your Android phone:

  • Put your phone in 'safe mode'. Search the internet (e.g. with Google) for 'using safe mode' followed by the make and model of your device. Using safe mode prevents all third-party applications from running. If your phone no longer behaves strangely in safe mode, you can assume that the problem was caused by either a malfunctioning or a malicious app.
  • Look for malicious apps. Choose 'Manage apps' in Settings and look at the apps you've downloaded. If any of them seem suspicious, or you don't remember downloading them, they may be harmful.
  • Remove apps you know to be harmful. Select the app and tap 'Remove'. If the button is greyed out, you will need to revoke 'Administrator access' under 'Device Manager' in the 'Security' options of your Android system. Then you can delete the app.
  • Reboot your device.

 

Prevention

Here are some important tips to keep your phone malware-free:

  • Install and use the G DATA Mobile Security app for Android on your mobile phone.
  • Only download apps from the Google Play Store. The danger of encountering malware is lower than on third-party platforms. However, this is not a guarantee, as we have already seen a lot of malicious apps in the Google Play Store that were removed only after being downloaded for several months. A malware-infected app can slip through the net and past review processes on the Google Play Store. For this reason, it is important to always read everything about the developer in the description.
  • Always read app reviews from other users. Be wary of overly positive reviews as they may not be genuine. Real reviews usually list the strengths and weaknesses.
  • Apps with millions of downloads are less likely to have malware.
  • Do the permissions requested by the app seem appropriate for its function? If what is being asked sounds suspicious, do not download the app or remove it if you have already installed it. Or at least change the permission. For instance, if a sound board app requests permission to use location services and access to messages, then this is a major red flag.
  • Regularly updating your operating system is important to protect your phone with the latest Android security updates.
  • Regularly updating all your apps will install security updates for newly discovered vulnerabilities in the apps and Android itself.
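
The "look for malicious apps" step of the manual removal and the permission tip above can be combined into one triage check. This is an added example, not part of the original article or of any G DATA product; it assumes the input was collected with `adb shell pm list packages -3 -i` and `aapt dump permissions`, and the sample data, package names and permission notes are constructed for illustration.

```python
import re

# Notes tying permissions to behaviours the article describes (this example's assumption).
SENSITIVE = {
    "android.permission.SEND_SMS": "can send SMS (premium-number billing)",
    "android.permission.READ_SMS": "can read messages",
    "android.permission.ACCESS_FINE_LOCATION": "can read precise location",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install further APKs (dropper second stage)",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store; assumption for this triage
PM_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?")

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` style lines."""
    matches = (PM_RE.match(line.strip()) for line in pm_output.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def parse_permissions(aapt_output):
    """Collect requested permissions from `aapt dump permissions` style lines."""
    matches = (PERM_RE.match(line.strip()) for line in aapt_output.splitlines())
    return {m.group(1) for m in matches if m}

def review(installer, requested, expected):
    """Return reasons to look closer; `expected` is what the app's function plausibly needs."""
    reasons = []
    if installer not in TRUSTED_INSTALLERS:
        reasons.append("not installed via Google Play (installer=%s)" % installer)
    for perm in sorted(requested - set(expected)):
        if perm in SENSITIVE:
            reasons.append("%s: %s" % (perm.rsplit(".", 1)[-1], SENSITIVE[perm]))
    return reasons

# Constructed sample data for a hypothetical sound board app and a notes app.
PM_SAMPLE = """package:com.example.soundboard  installer=null
package:com.example.notes  installer=com.android.vending"""
AAPT_SAMPLE = """package: com.example.soundboard
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'"""

if __name__ == "__main__":
    installers = parse_installers(PM_SAMPLE)
    perms = parse_permissions(AAPT_SAMPLE)
    for reason in review(installers["com.example.soundboard"], perms, {"android.permission.INTERNET"}):
        print(reason)
```

A flagged app is a candidate for a closer look, not a verdict: as with the warning signs earlier, each reason has to be weighed against what the app is actually supposed to do.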

 

By popular vote

Android is the most popular mobile operating system and is used by a large number of people across the world. This means that criminal hackers have a large field of possible victims. Therefore, anyone with an Android phone should be aware of the problem. A lot of Android users seem to underestimate the importance of protecting a mobile phone, as we continuously see malware showing up on Android phones. I hope at least that our yearly G DATA report (see first paragraph) about Android dangers gives enough information on why protection is inevitable. The good news is that Android (or Google) is doing a lot to increase the security of their mobile OS with every upgrade, but it will take many years to make it malware-proof. The question remains whether it ever will be.
