Does Your Android Device Have a Virus? Do This!
If your Android phone or tablet is acting strangely, you could be dealing with a virus. While only 6% of viruses target Android users [*], the sheer number of Android mobile devices being used each day means that you could easily become a target of malicious software.
In 2023 alone, cybersecurity researchers discovered more than 500,000 active Android malware [*].
If your device is hacked or infected, this could give scammers access to your sensitive data, photos, videos, and online accounts.
In this guide, we’ll explain how to tell if your Android device is infected with a phone virus, provide step-by-step instructions on how to remove malware and vulnerabilities from Androids, and show you how to protect your device in the future.
How To Check for a Virus on Your Android
Hackers have several tools they can use to hack your device, access your data, and take over your phone number. Viruses, trojans, ransomware, and other types of malware can all put you and your family at serious risk.
The bad news is that devices running Google’s Android operating system tend to be more susceptible to malware than other devices (especially iPhones). This is because Android is more flexible and customizable than Apple’s iOS — so hackers can manipulate vulnerabilities or promote malicious Android apps in the Google Play store and third-party app stores.
Here are some of the most common warning signs that your Android device is infected with malware:
- Your battery drains much faster than usual. Viruses and other malware run constantly in the background, draining your device’s resources and battery life faster than normal.
- Your phone bill is higher than usual. Some viruses receive commands and data from external devices controlled by hackers. They can use your wireless plan to make these connections and leave you to pay for additional data usage.
- Your phone heats up or makes strange sounds. Malware can make your phone unstable, leading it to heat up or act strangely.
- Your apps keep crashing. If a virus is draining resources from your device, it may cause apps to run slowly, crash, or stop working entirely. Some viruses intentionally break certain apps so you can’t use them (such as mobile security software).
- You see non-stop pop-ups when browsing the internet. Adware viruses store invasive pop-up ads on your phone and display them to you when you browse the internet. If you keep seeing the same ads despite using an ad blocker, you probably have a virus.
- You can’t access your online accounts. Some hackers use malware to monitor your keystrokes and learn your account passwords. If they break into your accounts and change the passwords, you might be locked out.
- People in your contacts list are receiving strange messages from you. If hackers have compromised your device or one of your accounts, they might spread malware through your contacts list. If friends, family, or other contacts are receiving strange texts or direct messages (DMs) from you, your phone could be compromised.
- Antivirus software messages alert you that you have an Android virus. If you have antivirus software active, it may warn you that your device is infected. However, be cautious if you get warnings when you don’t have antivirus — this could be part of an elaborate hacking scam.
- There are new apps that you don’t recognize on your home screen. If your device is infected with malware, you may see new apps on your home screen. These may look like legitimate apps from well-known companies; but if you didn’t download them yourself, they are malware.
Pro tip: Viruses aren’t the only method used by scammers to take over your phone. SIM swaps, account hacking, and phishing scams can all compromise your device and personal data. For comprehensive protection, try Aura’s all-in-one digital security solution free for 14 days →
How To Find and Remove Malware From an Android Device
- Turn off your phone to limit the damage
- Restart your Android in “Safe Mode”
- Run an antivirus scan
- Remove malicious apps
- Clear your cache and downloads
- Factory reset your Android
- Activate Google Play Protect
- Change your Google Play and other passwords
- Download an all-in-one digital security app
Android viruses can be difficult to remove — especially when you try to do it on your own. If you think your device has been infected, follow these steps to identify, quarantine, and remove the virus.
Step 1. Turn off your phone to limit the damage
Turn off your phone as soon as you see warning signs that your phone is infected. This will help limit the damage, as hackers won’t be able to use your mobile data or receive stolen data from the virus.
Once your phone is turned off, try to find out where the virus came from. Use a separate device to research any apps you recently installed. You can search Google for “[App name]” + safe/virus” to do this.
If the virus doesn’t let you power off your device, you can force the device to shut down by removing its battery.
Pro tip: It’s not enough to turn off your Wi-Fi or mobile data. Some viruses may continue to hijack your connections in secret — even if you turn them off. Power down the device to ensure that your data isn’t being compromised.
Step 2. Restart your Android in “Safe Mode”
All Android phones feature a special troubleshooting mode called Safe Mode. This deactivates some apps and widgets and prevents others from controlling the device. You can still use your phone normally in Safe Mode, but you won’t be able to use some apps fully.
Safe Mode only allows your device’s original pre-installed software to run. This gives you the opportunity to uninstall suspicious applications that might have infected it. In some cases, many signs of malware may disappear after booting into Safe Mode.
Here’s how to reboot your Android phone in safe mode:
- Press the phone’s power button.
- When the Android animation starts, hold the volume down button.
- Keep the button held until the phone restarts again. You should see “Safe Mode” displayed on the bottom of the screen.
Step 3. Run an antivirus scan
Safe Mode won’t allow you to run an antivirus app, so you’ll have to first restart your phone normally.
Once your phone is fully active, download and run an antivirus scanner. These tools can identify and even quarantine suspicious apps so that you know what needs to be deleted.
However, be cautious about which apps you trust. Hackers often disguise their viruses as free antivirus scanners or “device clean-up” apps to trick you into installing them. Always choose antivirus software from a reputable cybersecurity company — and make sure you download it from the official Google Play store.
Step 4. Remove malicious apps
If your antivirus scan uncovers malicious apps, you should delete them and all files associated with them. You can safely remove any app reported as unsafe. If the app does not allow you to remove it, you may need to boot back into Safe Mode and try again.
If Google detects malware on your device, it may take the extra precaution of signing you out of your Google Account. You should be able to access your account after removing the malicious app. If the problem continues, consider running the antivirus scan again to see if the malware managed to persist on your device.
Step 5. Clear your mobile browser cache
Some viruses operate from your device’s browser cache — a part of your web browser that saves frequently-accessed websites and assets so that your phone doesn’t have to constantly connect to external servers and download them.
Clearing your cache can resolve issues associated with some viruses, but it may not get rid of the virus entirely. This process will sign you out of some websites and may temporarily make your internet run more slowly.
Here’s how to clear your cache in Google Chrome for Android:
- Open the Chrome app.
- Tap on More in the upper right corner.
- Tap on History, and then on Clear browsing data.
- Choose a time range. Select All time to delete everything.
- Check the boxes next to Cookies and site data and cached images and files.
- Tap on Clear data.
Note: The process is similar for other common mobile browsers, such as Opera, Firefox, and Microsoft Edge.
Step 6. Factory reset your Android phone
If your device is still showing signs of malware at this point, you may need to take more drastic measures.
Some malware infections reach the very core of your phone’s operating system, which will require a factory reset to clean it out. A reset will remove all data and settings from your phone and restore it to its original factory settings.
Most Android phones allow you to reset the device through the Settings app. Every manufacturer’s device is a bit different, so you’ll have to verify the process for your phone with the company that made it.
You can find the support site for Android device manufacturers (like Samsung) here.
Pro tip: Make sure you’re restoring your data from a secure backup — otherwise you could accidentally re-infect your device. When in doubt, manually restore apps and data.
Step 7. Activate Google Play Protect
Google Play Protect verifies your apps and ensures that you’re only downloading legitimate software. Activating Google Play Protect can help you detect and remove viruses from your device, and provide you with notifications when apps start doing unusual things without your permission.
Google Play Protect is always on by default, but some apps and viruses may turn it off without your knowledge. If this happens, you may not know that your device is unprotected.
Here’s how to verify and activate Google Play Protect:
- Go to the Google Play store app.
- Tap on the Profile icon.
- Tap on Play Protect and then on Settings.
- Enable Scan apps with Play Protect
Step 8. Change your Google Play and other passwords
If your phone has been compromised by hackers, you should assume they know your passwords and login credentials. Start by checking that you have access to your most important accounts — online banking, email, social media, etc.
If you can still log in, update your passwords by using unique and secure options, and then enable two-factor authentication (2FA) by using an authenticator app instead of SMS codes.
To be absolutely sure you’re safe, update your passwords from a different device. Some spyware records your screen or tracks all of the data you enter — meaning you could be accidentally giving hackers your new passwords.
💡 Related: How Do Hackers Get Passwords? (And How To Stop Them) →
Step 9. Download an all-in-one digital security app
A hacked or infected phone is almost always a symptom of a much larger problem. With access to all of the data and accounts on your phone, scammers can break into your online accounts, steal your identity, or even empty your bank account.
An all-in-one digital security provider not only protects your devices — it also warns you if scammers are using your stolen personal information to open new accounts, take out loans, or impersonate you.
For example, with Aura’s award-winning identity theft protection app, you get:
- Comprehensive digital security for all of your devices. Aura includes antivirus software, a military-grade VPN, secure password manager, Safe Browsing tools, and AI-powered scam and spam call and text protection.
- Award-winning identity theft protection. Aura monitors your most sensitive information — including your Social Security number (SSN), passwords, and more — and alerts you if they’ve been leaked or are being used by scammers.
- Credit and financial monitoring with the industry’s fastest fraud alerts. Aura also constantly monitors your credit file, bank accounts, and more for signs of fraud. A 2022 mystery shopper survey found that Aura’s credit fraud alerts are up to 250x faster than those of other services3.
- 24/7 support from White Glove Fraud Resolution Specialists. If the worst should happen, every Aura member has 24/7 access to U.S.-based support agents.
- Up to $1 million in identity theft insurance. If hackers steal your identity, Aura covers eligible losses such as stolen funds, lawyer fees, personal expenses, and more.
Will Resetting Your Android Phone Remove Viruses?
Resetting your phone may clear simple viruses and malware from the device, but it’s not a reliable way to protect yourself. Many viruses attach themselves to the device’s operating system or firmware, allowing them to persist even when you reset the phone to its factory settings.
In other cases, hackers may already have gained access to your online accounts, like your email, banking, or social media profiles. Deleting the virus won’t prevent fraudsters from locking you out of your accounts and using your identity to commit fraud. You’ll need to take additional steps to recover your accounts and restore your identity.
The bottom line: Digital security is about more than just protecting your phone against viruses. For peace of mind, opt for an all-in-one digital security solution that monitors and protects your devices, personal data, identity, finances, and more.
💡 Related: Do You Actually Need Antivirus Software? [Answered] →
How To Protect Your Android From Viruses and Hackers
Preventing a virus from infecting your device is much easier than restoring your identity after it’s been compromised. Here are some ways you can keep your phone safe, and protect your data from cybercriminals:
- Only download apps from the official Google Play Store. Third-party stores and jailbroken apps do not have the security features you need. Avoid apps that require additional steps like rooting your phone or downloading the apps from third-party websites.
- Keep regular backups of your phone and other devices. Backup services can help you restore your data quickly, making it easier to recover from malware and ransomware attacks. If hackers threaten to delete or encrypt your data, you can simply restore from your most recent backup.
- Learn to spot the warning signs of a phishing scam. Never send personal or sensitive data to anyone you don’t know. If you do have to send personal information to someone, use a secure file transfer platform instead of an unsecured messaging app.
- Enable auto-updates on your phone and software. Software updates often contain vital security patches that help protect you from the latest viruses and malware. Delaying these updates can expose you to risks that are completely preventable.
- Create unique and secure passwords for every account. Always use a unique and complex password for each account. Consider using a secure password manager so that you don’t have to worry about remembering all of your passwords (and can easily access them when needed).
- Invest in safe digital security tools. Aura’s all-in-one solution includes antivirus software for your phone and computer — as well as a virtual private network (VPN), secure password manager, Safe Browsing tools, and more to shield you and your family from hackers. Aura has been rated the #1 identity theft protection tool by Money.com, USNews.com, TechRadar, and more.
- Enable 2FA whenever possible. Two-factor authentication makes it harder for hackers to gain control over your accounts and devices. Activate this feature on every account that supports it.
- Avoid using public Wi-Fi (especially to log in to accounts). Unsecured public Wi-Fi is very easy to compromise. Hackers can intercept the data you send over public Wi-Fi, including the login credentials you use to sign in to accounts. Use a VPN to connect to these accounts on public networks, especially when you access the internet in restaurants, airports, and hotels.
- Monitor your identity and finances with an identity theft protection service. Even the best security practices can’t guarantee that you will be safe from every kind of scam. Aura’s credit monitoring software can help keep an eye on your accounts, and trigger alerts when unusual activity occurs.
The Bottom Line: Aura Can Help You Deal With Android Malware
Viruses are just one of the many serious threats that Android users face when browsing the internet. Hackers may use malware to infect your device, learn your passwords, and compromise your accounts — or they may reach out and try to trick you into giving up your data directly.
Effective malware protection requires doing more than finding and removing viruses from your devices.
Aura’s all-in-one security solution provides 360° protection of your online accounts, devices, data, identity, and finances. With Aura, you get near real-time alerts when suspicious activity is detected on your accounts, as well as 24/7 access to a dedicated team of U.S.-based Fraud Resolution Specialists who can walk you through any cybersecurity scenario.