Does Your Android Device Have a Virus? Do This! 

Phishing and hacking attacks against mobile devices tripled in the past year, with Android devices being targeted by malware and malicious software much more often than Apple iPhones [*].

If your phone is infected with an Android virus, you could experience strange and persistent notifications or pop-ups, a fast-draining battery, excessive heat, or higher-than-usual data usage. 

As soon as you see any of the warning signs of a phone virus, you should immediately:

• Scan your phone with Google Play Protect and other internal tools.
• Reboot in Safe Mode, and then manually remove suspicious or unknown apps.
• Download and run a reputable antivirus app or mobile security software.
• Factory reset your device. (Caution: this step is a last resort, as it will delete all data and settings from your device.)

Quickly identifying and removing a malware infection is one of the best ways to protect your Android phone and any personal and financial data that it contains. 

Here’s a step-by-step guide on what to do:

{{show-toc}} 

Step 1: Begin immediate damage control

The first thing you need to do when you notice any signs of a malware infection is to remove the hacker’s ability to access your device and data. Here are a few key steps to take:

Turn off your phone

If you see signs that your Android device is infected, even after you’ve run an antivirus scan,  the best course of action is to turn it off. You may need to remove your battery if the virus or malware is preventing you from powering off your device. 

If you can’t remove your battery or your screen isn’t working:

• Plug your device into a charger.
• Hold down the Power button + Volume Down (or Volume Up) buttons simultaneously to force power off.
• Your device must be plugged into a charger. Otherwise, it will reboot and not turn off.

Pro tip: Turning off your Wi-Fi or mobile data is not enough. Some viruses may continue to hijack your connections in secret — even if you turn them off. Power down the device to ensure that your data isn't being compromised. 

Turn on “Safe Mode” and manually remove any suspicious apps

Android's Safe Mode is a special troubleshooting feature that deactivates some apps and widgets — so only your device's original pre-installed software will run. This step can help you isolate threats and uninstall suspicious applications without interference. 

• Restart your phone. When the logo appears, press and hold the Volume Down button to enter Safe Mode.
• Once your phone is in Safe Mode, go to Google Play Store, tap on the Profile icon in the top right corner, and select Manage apps & device. Go through all third-party apps, and delete anything suspicious.

Clear your mobile browser cache

FireTail founder Jeremy Snyder warns that hackers plant malware in cached content, so clearing your cache is essential when you want to remove viruses from Androids [*]. Be aware that this process will sign you out of some websites and may temporarily slow down your internet connection.

Here’s how to clear your cache in Google Chrome for Android:

• Open the Chrome app, and tap on More in the upper right corner.
• Tap on History, and then Clear browsing data.
• Select All time to delete everything.
• Check the boxes next to Cookies and site data and cached images and files, and then tap on Clear data.

Note: The process is similar for other common mobile browsers, such as Opera, Firefox, and Microsoft Edge.

Step 2: Find and remove malware

Once you’ve removed suspicious apps and cleared your device’s cache, you may need to use special anti-malware software to remove more deeply rooted malware. You can use both internal security features and third-party tools in this step.

Activate and scan your device with Google Play Protect

Activating Google Play Protect can help detect and remove viruses and notify you when apps start doing unusual things without your permission. If Google Play Protect detects malicious software on your device, delete these apps.

To activate Google Play Protect:

• Go to the Google Play Store app, and tap on the Profile icon.
• Tap on Play Protect and then Settings.
• Enable Scan apps with Play Protect.

Download and run antivirus software

An antivirus scan is crucial to detect and remove viruses from Android devices. If your antivirus scan uncovers malicious apps, delete them immediately — as well as all files associated with them. 

As Steven Scheurmann, of cybersecurity company Palo Alto Networks, explains [*]:

"The open nature of the Android platform allows for greater flexibility and customization, making it easier for malicious actors to create and distribute fake app stores or unauthorized apps." 

Take care to review antivirus or security apps before downloading. You should always choose antivirus software from a reputable cybersecurity company — and download it from the official Google Play Store.

Manually perform software updates (and enable auto-updates)

New software releases often fix known security vulnerabilities. Yet, one of the biggest reasons Android remains prone to malware is that different manufacturers use different methods for rolling out the latest operating system updates — including Samsung, Motorola, and Xiaomi. 

Make sure all of your apps have the latest version installed, and remove any older apps that you don’t use. Then, make sure you enable auto-updates to keep your apps up to date.

The update process for your device may differ depending on the model and brand. Here are a few resources to help you set up auto-updates on your Android device: 

• Samsung devices
• Motorola devices
• Google Pixel devices
• OnePlus devices

💡 Related: How To Remove Adware From Android Phones and Tablets →

Step 3: Protect against further vulnerabilities

Even if you’ve removed malicious apps and malware, such as ransomware or spyware, you’ll want to take additional security measures to protect yourself against scams and hacking. Follow these steps to clean up your cyber hygiene and stay safe:

Change your passwords

If hackers have compromised your phone, you should assume they know your login credentials. Confirm that you have access to your most important accounts — online banking, email, social media, etc. Then, update your credentials, and enable two-factor authentication (2FA) whenever possible.

• Update your passwords from a different device. Some spyware can track all of the activity on your Android device — so you could accidentally give hackers your new passwords if you use a previously hacked device to update your accounts.
• Request a password reset. If you can’t get into an account, you’ll need to go through the password reset process and potentially prove that you’re the proper account owner. For example, here’s how to recover a hacked Gmail account.
• Make sure your new passwords are strong and unique. If you can still log in to your accounts, update your passwords. Make sure you use a password that is longer than 10 characters and includes a unique combination of uppercase and lowercase letters, symbols, and numbers. 
• Opt for an authenticator app over SMS messages. 2FA is one of the best methods to keep your accounts secure — but it’s much more effective to use an authenticator app such as Google Authenticator rather than have codes sent to your phone. 

💡 Related: How Do Hackers Get Passwords? (And How To Stop Them) →

Download an all-in-one digital security app

With access to all of the data and accounts on your Android device, scammers can potentially break into your online accounts, empty your savings, or even steal your identity.

Aura’s all-in-one digital security solution protects your devices and personal data from hackers and malware threats with:

• Robust digital security for all of your devices — including antivirus software, a military-grade VPN, a secure password manager, and Safe Browsing tools.
• Award-winning identity theft protection and credit monitoring to guard your Social Security number (SSN), bank accounts, and credit reports for signs of fraud.
• Up to $1 million in identity theft insurance to cover eligible losses such as stolen funds, lawyer fees, and personal expenses.‍
• 24/7 U.S.-based support provided by a team of fraud remediation experts who can address all of your questions and concerns, and help you recover from fraud.

Factory reset your Android phone

A factory reset will remove all data and settings from your phone and restore it to its original factory settings — so, it’s not something you want to take lightly. If you decide to factory reset your device, first make sure you have a backup of all of your data (along with your photos safely saved somewhere else).

The steps for resetting your device to factory settings are different for each manufacturer — but Google has put together a resource list to help you.

💡 Related: Why a Factory Reset Won't Always Remove Viruses (Do This Instead) → 

How Do You Know If Your Android Is Infected? 7 Signs of Malware

1. Your battery drains much faster than usual. Viruses and other malware run constantly in the background, draining your device’s resources and battery life faster than normal. Cryptojacking has risen since Bitcoin’s resurgence in 2024, encouraging hackers to hijack Android devices to mint new coins [*]. 
2. Your phone overheats or crashes. If a virus is draining resources from your Android device, it may cause apps to run slowly, crash, or stop working entirely. You may even notice your phone is overheating as it runs many processes in the background.
3. You see constant pop-ups when browsing the internet. If you see a lot of invasive pop-up ads, your phone may have an adware infection. SonicWall reported a rise in adware, with many malicious programs disguised as well-known gaming apps [*]. 
4. You see unfamiliar new apps on your home screen. While many Androids include harmless bloatware, watch out for new apps that you don’t remember downloading. The Xamalicious Trojan hides in health, games, horoscope, and productivity apps in the Google Play Store, which could allow hackers to take over your device [*]. 
5. You can’t access your online accounts. If you suddenly can’t access your email,  social media accounts, or banking accounts, your device may be compromised. ThreatFabric warned about a new banking malware in April 2024. Brokewell can record device touches — allowing hackers to take over your device and steal confidential data [*].  
6. People in your contacts list are receiving strange messages from you. If friends, family members, or other contacts receive strange text messages or direct messages (DMs) from you on WhatsApp, Facebook, or Instagram, your phone could be compromised. 
7. Your phone bill is higher than usual. TechCrunch reported how “Stalkerware relies on deep access to your device and is known to abuse Android’s accessibility mode.” [*]. These types of malware can use a lot of data, so watch out for unusually expensive phone bills.  

💡Related: How To Know If Your Phone Has a Virus →

How To Protect Your Phone Against Malware and Hacking

Preventing a virus from infecting your Android device is much easier than removing it. Here are some ways you can protect against Android malware infections to keep your device and accounts safe from cybercriminals and identity thieves:

• Only download apps from the official Google Play Store. Avoid apps that require additional steps like rooting your phone or downloading the apps from third-party websites or sketchy app stores.
• Enable Google Play Protect. Unfortunately, many malicious programs continue to infiltrate the Play Store. Google assures users that Google Play Protect helps users by “automatically removing or disabling apps” known to contain malware [*]. 
• Enable auto-updates on your phone and software. Software updates often contain vital security patches that help protect you from the latest viruses and malware.
• Turn off your phone once per week. Most people only turn off their phones during software updates. The NSA advises people to turn their devices off and on again once per week, which can help prevent zero-click exploits [*]. 
• Avoid using public Wi-Fi (especially to log in to accounts). Unsecured public Wi-Fi is very easy to compromise. Use a virtual private network (VPN) to connect to these accounts on public networks, especially when you access the internet in restaurants, airports, and hotels.

Effective malware protection is much more effective than trying to remove a virus that has already infected your device. 

With Aura’s all-in-one digital security solution, you get powerful antivirus protection, a military-grade VPN, secure password manager, advanced Safe Browsing tools, and more (including award-winning identity and fraud protection!) — along with 24/7 U.S.-based support and up to $1 million in insurance coverage.

Keep your devices and data safe with Aura — plans start at just $3/month!