Protect your Android against malware and other threats with Avast One
Android malware is a persistent problem. Learn the best Android malware removal techniques to get rid of viruses and other infections on your phone — we’ll show you how to remove malware from your Android device. Or, download Avast One to remove the malware infection immediately and automatically — and keep it safe against future infections.
This article contains:
Here’s how to run an antivirus scan to remove a virus from your Android automatically:
Install Avast One for Android, a free app that quickly scans your device to see if a virus is present. If an infection is found, you’ll be prompted to remove the virus quickly and easily.
Most mobile antivirus programs are straightforward to use. Just tap the “scan” button and let the app get to work.
Once you’ve completed your scan, follow the prompts within the user interface to clear up any risks that may have been uncovered.
If you aren’t using an Android mobile security app, or if your chosen anti-malware app couldn’t resolve the issue, there are other methods. Here’s how to remove the malware from your Android phone manually:
Restarting your phone in safe mode prevents all third-party apps from running, including malware. Some Android phones will let you reboot in safe mode, while others need a few extra steps to get there.
On many devices, you can access safe mode by holding down the power button as though you were planning to turn your phone off.Long-press the Power off option for a second or two.
Tap OK when asked if you’d like to reboot into safe mode.
Once you’ve entered safe mode, assess whether or not the issues are still present. If not, it’s likely that they were caused by malware in a third-party app.
Once you’re in Safe Mode, go to Settings > Apps. Look for any apps that seem suspicious — maybe an app that you’re not very familiar with, or one you don’t recall installing yourself. The best place to start is with the apps that were installed immediately before your phone began acting strangely.
Once you’ve identified a potentially troublesome app, tap Uninstall to delete it for good. In the event that you’ve guessed incorrectly, you can always reinstall it later. In a last-ditch effort for survival, many virus-ridden apps will disable the Uninstall button, in which case you’ll want to remove their administrative privileges.
Navigate through your security settings to find a list of apps with device administrator permissions. Depending on your Android version or phone manufacturer, your path may look something like this: Settings > Security > Device Administrators.
Once there, see if the troublemaker app is featured on the list. If you see it, take a look at the little box to the right of its name, and note whether or not it’s checked.
If it is, uncheck the box, then select Deactivate this device administrator to remove its access privileges. Now, return to the app in Downloaded Apps. The Uninstall button should be tappable now, so go ahead and send that app packing.
As a final step, head to your Downloads folder and delete the malware’s .apk installation file, if you see it.
Restart your phone in normal operations mode, and confirm that you’ve resolved your symptoms. If so, congrats: you’ve mastered how to remove a virus from your Android phone. If not, you may need to repeat this process, this time uninstalling a different app, or consider a full factory reset.
Remember that performing a factory reset deletes all apps and app data from your phone, so it’s always a good idea to set up periodic data backups.
If both the above methods fail to resolve your issue, you can reset your phone back to its original factory settings. Here’s how to factory reset your Android phone to get rid of any malware:
Navigate to Settings > Backup & Reset> Factory Data Reset.
Now tap Reset device.
Enter your passcode to continue, then tap Erase everything. In the screenshot below, the user is asked to enter a generic access code, because there is no password enabled on this example device (you should always password-protect your personal mobile, though!).
After the factory reset is complete, your phone will restart and take you through its initial setup procedures.
Eventually, you’ll be asked whether you’d like to restore your phone from a backup, or start over. Here, you can elect to restore your phone from a backup that dates back to before you’d installed the malicious app.
Android phones can get various types of malware, but they’re unlikely to get a traditional computer virus. A virus gets into files on your operating system and uses your device’s resources to replicate and spread. Malware on your Android phone likely won’t behave in this way. To learn more about mobile malware, check out our dedicated article about viruses and other malware on phones.
Rather, Android malware usually comes in the form of malicious apps that can steal your data, spy on you, damage your device, or cause other issues. Viruses are one type of malware that doesn’t usually affect Android, but many people use the term “Android virus” anyway to refer to any kind of Android malware.
So if you’re wondering how to remove viruses from your Android phone, keep in mind that you’re dealing with a different type of malicious software.
Before smartphones became the ubiquitous companions they are today, the cell phone viruses was considered somewhat of a myth. Computers could get viruses, but smartphones were immune,” went the prevailing wisdom of the day. This illusion of safety was shattered in 2004 after hacker group 29A created the Cabir mobile phone worm and sent it as a proof of concept to several professional cybersecurity labs.
When installed, Cabir — a network worm — would display the word “Caribe” on the screen of infected devices while seeking to infect others via active Bluetooth connections. As a proof of concept, Cabir didn’t cause any direct damage, but the message was clear: phones can get malware too.
In Cabir’s wake, numerous malicious actors took advantage of the new opportunities for mayhem and personal gain, creating their own malware with serious potential for harm. Some of these include:
SymOS/Kiazha.A: a ransomware Trojan that targeted Symbian OS and deleted incoming and outgoing SMS messages.
CommWarrior: a worm that resets the phone on the 14th of every month. Skull imagery installs as a theme package, but the file goes on to disable programs and applications. It also turns all the icons on the phone into Jolly Roger or jigsaw images.
Many malware threats have emerged since smartphones have grown in popularity, and more continue to surface every day. Cybercriminals are constantly innovating new methods to trick users into installing their malware. Take an active role in your digital security by learning more about how these threats work, and what you can do to protect against them.
Android malware comes in many varieties, each with its own quirks and preferred entry vectors. Here are some of the most common types of Android malware:
This type of malware is designed to stealthily glean information from your phone and transmit it back to the hacker. Cybercriminals disguise their spyware as legit applications, which is how they attempt to trick you into installing it. Once installed, the spyware records information including SMS/text messages, URLs browsed, app activity, keyboard inputs, usernames, and passwords.
As the name implies, ransomware blocks access to your device or your data, holding it hostage in exchange for a hefty fee. Though the temptation to liberate your device and files is understandable, you should never pay a ransomware cybercriminal. Instead, try and remove the ransomware from your Android device and then restore an earlier backup.
Worms are the most aggressive type of Android malware. Designed to endlessly replicate and spread, worms are autonomous and can operate without any user interaction. They generally arrive via SMS, MMS, or other digital media.
Trojans act as legitimate applications and infect your phone once the app has been installed. Unlike worms, Trojans need a user to install them before they can carry out their actions. Once activated, Trojans can install additional malware, deactivate other applications, record your personal data, or lock up your phone for a certain period of time.
Avast Threat Labs has discovered many strains of Android malware. Our researchers work tirelessly to detect these malicious apps and get them removed from the Google Play Store as soon as possible to prevent their spread.
In 2011, Avast researchers uncovered a group of malicious apps in the Google Play Store that sent premium text messages to rack up huge charges. We alerted Google and they removed the malicious apps.
In 2018, Avast Threat Labs discovered pre-installed adware on brand new Android devices. We detected this malware on about 18,000 devices in more than 100 countries, and pushed Google to mitigate the app’s malicious capabilities.
In 2019, a new family of Android ransomware was found. This Filecoder ransomware started spreading through posts on internet forums like Reddit, and continued by spreading to all contacts in an infected phone. Once on an Android, the ransomware encrypts most files on the device and demands a ransom of $200.
In 2020, Avast tracked down Android adware spreading through TikTok. Interesting fact: a 12-year-old girl helped uncover the scam when she sent a report to Avast!
In 2020, Avast researchers discovered another 21 malicious apps on Google Play. The apps were mainly masquerading as gaming apps, but they actually contained adware.
That same year, Avast Threat Labs also discovered a banking Trojan hiding on Google Play. Downloaded more than 10,000 times, the malicious app posed as a currency converter app and targeted Android users in Spain until Avast reported it to Google and they removed it.
Those are just a few examples of the hundreds or even thousands of malicious Android apps out there. Some other known Android virus strains are (listed alphabetically): Agent Smith virus, Android ads on Lock Screen, Android ransomware, Android Police virus, Anubiscrypt ransomware, Com.google.provision, Com.android.system.ui, Com.android.gesture.builder, DoubleLocker ransomware virus, Fake virus warning Android, Funnwebs.com, GhostCtrl virus, Ghost Push virus, Gooligan malware, HummingBad virus, HummingWhale virus, Invisible Man, JavaTcmdHelper virus, Lastacloud virus, LeakerLocker ransomware virus, Lockdroid ransomware, LokiBot virus, Mazar malware, NotCompatible virus, Opt Out virus, Smart cars-hacking Android malware, Svpeng virus, Tizi Android virus, and more.
Androids and iPhones have different and distinct vulnerabilities to malware. While iOS was long considered immune to malware, recent attacks have proved that iPhones are vulnerable to security threats.
Android users are more likely than their iOS counterparts to contract malware simply because there are multiple places for them to find Android apps (Android phones make up almost 90% of the global market share for smartphones). Some of these portals are secure, but others are not.
iOS users mostly download apps from Apple’s official App Store, which uses some of the most robust security measures in existence. Apps on iOS cell phones and tablets are sandboxed, which means that their ability to interact with other applications or with iOS itself is limited. Android apps are also sandboxed, but to a lesser extent.Powering devices made by Samsung, Huawei, and Google itself, Android reigns as the world’s most popular mobile phone operating system. This massive user base means that it struggles with updating all of its users to the latest secure version of its operating system. This affords hackers more time to hone their methods and attack more Android users.
When you familiarize yourself with where Android malware commonly comes from, you’re one step closer to keeping it off your mobile device.
Hackers repackage popular apps with malware, then distribute the poisoned versions through various app stores and download portals. This technique is so successful, cybercriminals will often create brand-new apps specifically to trick users into installing them. The user believes that they’ve found an exciting new app, but instead, they’re getting an Android malware download.
Malvertising is the practice of inserting malware in ads that are distributed through ad networks. Clicking on one of these ads can trigger a virus download to your device. Also be on the lookout for virus pop-ups on Android devices, as many of these ads may appear in pop-up windows. If you’re looking to block pop-ups, check out our article on the best pop-up blocker apps for Android devices.
Online scams include phishing attacks and other popular email or SMS-based methods. You’ll be sent a link, but when you click it, the website triggers a malware download to your device. This is one of the most common scams to get an infection on your Android phone.
Direct-to-device infections require the hacker to attach a targeted device to another, and manually install the malware to it. This is the stuff of high-profile corporate espionage. Never plug your phone into an untrusted computer, and never connect unknown accessories to your devices.
It’s not always easy to recognize the signs, but you can learn how to detect malware on your Android phone. Assuming you’ve been following along until now, you’re already an expert on how to check your phone for malware: you can perform a scan with your preferred mobile security app, or investigate recently downloaded apps while in safe mode.Now that you know what to do when you find one, here are some of the more reliable symptoms that might get you asking: Does my phone have a virus?
Some apps tend to crash from time to time, and as you use them, you’ll get a feel for what constitutes normal behavior for a particular app. If you find multiple apps crashing more frequently than they should, you might be dealing with Android malware.
It’s one thing to discover that you’re short on data after, say, unblocking websites and binge-watching the latest season of your favorite show. But if the same thing happens while your phone is hanging out in your pocket all day, you could have reason to worry. Some malware will chew through your mobile data as it operates, and so it’s a good idea to check in on your data allotment from time to time.
You can block annoying pop-up ads with certain mobile browsers or browser extensions. If you start seeing pop-ups even when you aren’t running any apps, it’s likely that you’ve got an adware infection on your hands.
Since most mobile malware isn’t optimized, it tends to drain your battery faster than other legitimate apps.
Similar to a sudden bump in data usage, an unexpected and unexplainable increase on your phone bill is a perfect Android malware warning. It’s always helpful to discuss unusually high billing amounts with your mobile service provider.
Many people don’t take the time to check whether or not that trendy new app has been created by a legitimate developer, especially when it comes to the massive range of free-to-play games out there. This oversight can prove costly, as you might inadvertently give a fake app the keys to your phone kingdom.
There are plenty of reasons for why your phone might overheat, but a malware infection is one of the most common causes. If you aren’t doing anything abnormal with your phone, it shouldn’t be hot to the touch.
What exactly makes an antivirus app trustworthy? What makes one antivirus app better than another? Other than Android malware scans, which additional features are worth paying for?
Download your chosen antivirus app from Google Play. If downloading from the manufacturer, the link you tap should bring you to Google Play, from which you’ll download the app.
The existence of malware-laden security apps is an unfortunate reality. On multiple occasions, hackers have used both fake pages and social media to promote malware disguised as antivirus apps. This makes it critical to…
Even among trusted antivirus software, you’ll find a multitude of options claiming to be the best. Many of them will advertise a free version to get you started.
To thin the herd, spend some time with third-party labs like AV-TEST and AV-Comparatives. These organizations independently test antivirus apps and publicly post the results to help consumers make informed decisions about which product to try.
In most circumstances, a reputable antivirus developer’s free version will suffice. Avast Mobile Security for Android, for example, will protect against viruses, malware, and spyware. It will also scan apps to sniff out Trojans and other infections. As a general rule, you shouldn’t have to pay a premium to be protected against cyberthreats. Here’s a helpful guide on the best free antivirus software out there.
Avast’s free antivirus app will help you optimize and clean up your Android phone, too. It comes with additional features including RAM optimization, anti-theft (which includes the ability to locate and remotely lock a lost or stolen phone), junk-file removal, download and upload speed checks, and real-time protection while browsing the web.
The benefits of purchasing a paid version vary between developers. Premium functions might include PIN or fingerprint access to chosen sensitive applications, or VPN services that safeguard your device while connected to public Wi-Fi. If you’re only interested in how to check for malware on Android, your use of these additional features may vary, though higher levels of mobile security are never a bad thing.
For the majority of mobile users, a robust, free antivirus app should do the trick. Go with one that automatically updates its virus definitions to remain protected against the latest threats.
Without fail, the single most impactful change you can make to improve your mobile security habits is to install a proven mobile antivirus tool. After all, you’ll never need to worry about removing malware if it can’t get onto your phone in the first place.
Protect your Android against viruses, malware, and other threats with the free Avast One. Stay protected online with comprehensive, adaptive security that detects and blocks viruses and malware before they can infect your device. Plus, you’ll get free VPN access, data leak protection, and so much more.