Android malware often tries to trick you. A mobile app called Ads Blocker, for instance, bills itself as a useful service for cutting back on pesky mobile ads, which sometimes pop up to cover your screen just when you’re about to access something important. But users quickly found the app was nothing less than malware that just served up more ads, according to security researchers.

It’s just one example of malware that can frustrate Android phone users, plaguing them with ads that the creators get paid to display, even when users are looking at unrelated apps. Malware often also harvests fake clicks on the ads, doubling up on the value for the makers.

“They’re making money,” said Nathan Collier, a researcher at internet security company Malwarebytes who helped identify the bogus ad blocker in November, “And that’s the name of the game.”

Researchers say adware like Ads Blocker is the most common type of malware on Android devices. Other malicious apps, however, can do worse things than make your phone so frustrating to use that you want to Hulk out and crush it — like steal personal information from your phone. 

SpyDealer Android Malware Can Steal Data From Over 40 Apps

Malware can be disorienting, getting in the way of how you normally use your phone and making you feel uneasy even if you aren’t sure what’s causing the problem. It’s also very common. Malwarebytes says it found close to 200,000 total instances of malware on its customers’ devices in May and then again in June.  So how do you know if you have malware on your phone, and how can you stop it? Here are some takeaways from mobile malware experts on what you can do.

How malware on your phone works

Mobile malware typically takes one of two approaches, said Adam Bauer, a security researcher for mobile security company Lookout. The first type of malware tricks you into granting permissions that let it access sensitive information. 

That’s where the Ads Blocker app fits in, and many of the permissions it requested sound like something a real ad blocker would have needed. But they also let the app run constantly in the background and show users ads even when they were using unrelated apps.

The second type of malware exploits vulnerabilities in phones, gaining access to sensitive information by giving itself administrator privileges. That reduces the need to get users to click “OK” on permissions requests, making it easier for malware to run without users noticing its presence on the device.

Signs of malware on your phone

If you notice these things happening, your phone might be afflicted:

  • You’re seeing ads constantly, regardless of which app you’re using.
  • You install an app, and then the icon immediately disappears.
  • Your battery is draining much faster than usual.
  • You see apps you don’t recognize on your phone.

These are all worrying signs that mean you should investigate further.

Ransomware on Android phones

Another type of malware is ransomware. Victims typically see their files locked away and unable to be used. Typically, a pop-up demands payment in bitcoin to get them back. Thankfully, most Android ransomware can only lock up files on external storage such as photos, Bauer said.

What mobile malware is capable of

Besides making you miserable with constant ads, mobile malware can access private information. Common targets include:

  • Your banking credentials
  • Your device information
  • Your phone number or email address
  • Your contact lists

Hackers can use this information for a variety of malevolent tasks. They can commit identity theft with your banking credentials. The Anubis banking Trojan, for example, accomplishes this by tricking users into granting it the access to an Android phone’s accessibility features. This, in turn, allows the malware to log every app that users launch and the text they enter, including passwords. After users grant the permission one time, the malware’s activity is completely invisible on screen, with no sign anything malevolent is happening as users log into their accounts.

Hackers can also use malware to collect and sell your device and contact information, until you’re flooded with robocalls, texts and, oh yeah, more ads; and they can send links for more malware to everyone on your contacts list. If you suspect your information has already been caught up in the robocall machine, you can see what your phone carrier offers to help keep the annoying phone calls to a minimum. For example, customers of T-Mobile, Sprint and MetroPCS will have access to Scam Shield, a free app announced in July.

How to stop mobile malware on your Android phone

Whether you think you already have malware on your Android device or you just want to protect yourself, there are clear steps you can take. 

First, keep your phone’s software updated. Security experts consistently rank a current OS and updated apps as one of the most important steps users can take to protect their devices and accounts. If you already have malware running on your phone, software updates from your phone-maker — say Android 10 or the upcoming Android 11 — can patch vulnerabilities and cut off the access the malicious software enjoyed. Updates can also keep malware from working in the first place.

Next, review what permissions your apps have. Does a game have the ability to send SMS messages? That’s probably unnecessary and could be a red flag, Bauer said. Keep this in mind when installing apps in the future, too. Removing apps you think are malicious can be tricky. At times you can just remove the app’s permissions, delete the app and be done with it. Other malicious apps will give themselves administrator privileges, so they can’t just be deleted without extra steps. If you have trouble removing a specific app, you can try looking it up online to find what has worked for other people.

You can also consider installing antivirus apps. These services can sometimes slow your phone, and they do have heightened access to your phone in order to spot malicious behavior and warn you, so you have to choose one you trust. And you’re likely to want to choose the paid option if you can, both to unlock all the best features and to avoid seeing even more ads. 

The apps can warn you about malware on your phone and offer you customer service when you need to deal with something nasty. At the very least, you can use a well-known program like Malwarebytes, Norton, Lookout or Bitdefender to scan your device if you think you already have malware installed.

Finally, you can get rid of or avoid Android apps downloaded from third-party app stores. These apps don’t go through review by Google and can more easily sneak malicious software onto your phone. Google doesn’t catch everything, as reports about malicious Android apps being removed show, but sticking to the official Google Play Store — and having a direct outlet to report problems you encounter — is a further line of defense.