Jamf Blog
May 4, 2018 by Liarna La Porta

4 ways hackers are infiltrating phones with malware on Android phones

It’s not hard to tell if your desktop computer is infected with malware – it might slow down, ads or notifications saying you’ve won a prize keep popping up, it crashes unexpectedly, the fan starts whirring noisily and unfamiliar icons show up on your desktop. But do you know how to check for malware on Android phones?

A phone infected with malware behaves a little differently. You can have a corrupted phone with malware lurking in the shadows and you will probably not even realize it. There is no fan, taskbar, pop-up window or other symptom to give away the infection.


According to our research, the number of malicious installation packages found striking mobile devices more than tripled in 2016, resulting in almost 40 million attacks globally.


While malware on Android is much more prevalent, that doesn’t mean you shouldn’t be aware of iOS malware. Malware infects both platforms and can have devastating effects on an enterprise. It’s important for IT administrators to know how to avoid mobile malware and the best way to get rid of viruses on a phone.

How hackers are infecting phones with malware

Cybercriminals looking to have a greater return focus their efforts on organizations and use a variety of tactics to infect the maximum number of corporate devices with their malware variants.

1. Infected applications

Compromised applications are the most common delivery system used by hackers to transfer malware to users’ devices. Malware operators will usually choose popular apps to repackage or infect, increasing the likelihood that victims will download their rogue version. Sometimes, however, they will come up with brand new applications.

Infected applications are usually found on third-party app stores. These online stores tend to set their acceptance bars lower than, for instance, Google Play or the App Store, making it simpler for cybercriminals to post malicious apps. However, there have been multiple instances of malicious apps being uncovered in and removed from the official app stores, such as the purge of 250 fake iOS apps from the App Store in 2015, but not before they had been downloaded thousands (and sometimes millions) of times by innocent users.

2. Malvertising

Malvertising is the practice of inserting malware into legitimate online ad networks to target a broad spectrum of end users. The ads appear to be perfectly normal and appear on a wide range of apps and web pages.


Once the user clicks on the ad, his or her device is immediately infected with the malware. Some more aggressive malvertisements, for example, take up the entire screen of the device while the user is browsing the web. Faced with this situation, many users’ first response will be to touch the screen, triggering the malicious download.

3. Scams

Scams are common tools used by hackers to infect mobile devices with malware. They rely on a user being redirected to a malicious web page, either through a web redirect or pop-up screen. In more targeted cases, a link to the infected page is sent directly to an individual in an email or text message.


Once the user is taken to the infected site, the code within the page automatically triggers the malicious software download. The website is usually disguised to look legitimate in order to get users to accept the file onto their devices.

4. Direct to device

Possibly the most James Bond-esque infection method, direct to device requires the hacker to actually touch the phone in order to install the malware. Usually, this involves plugging the device into a computer and directly downloading the malicious software onto it (also known as sideloading).

As far-fetched as it may sound, many high-profile attacks occur this way. Small groups of hackers have been known to carry out extremely targeted attacks on high-profile individuals, infecting phones when they leave them unattended.
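Both the third-party-store route (method 1) and sideloading (method 4) leave a trace in the installer that Android records for each package. The script below is an added example, not part of the original article: it filters the output of `pm list packages -3 -i` for user-installed apps whose installer is not on a trusted list. The trusted list, function names and sample package names are assumptions made for illustration.

```shell
#!/bin/sh
# Flag user-installed Android packages whose recorded installer is not trusted.
# Expected input, one package per line, as printed by `pm list packages -3 -i`:
#   package:<name>  installer=<installer package or null>

# Assumption: space-separated installer packages your policy accepts.
TRUSTED_INSTALLERS="com.android.vending"

flag_untrusted_installs() {
    # Reads pm output on stdin; prints "<package> <installer>" for each hit.
    awk -v trusted="$TRUSTED_INSTALLERS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "unknown"   # used when the line carries no installer field
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            # installer=null means no installer of record, as is usual for
            # packages pushed over adb or opened from a downloaded APK file.
            if (!(inst in ok)) print pkg, inst
        }'
}

# Constructed sample output (hypothetical package names, not from a real device).
sample_pm_output() {
    cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game.mod  installer=com.example.thirdpartystore
package:com.example.mdmagent  installer=com.android.vending
EOF
}

# Live use against a connected device (tr strips CRs some adb versions add):
#   adb shell pm list packages -3 -i | tr -d '\r' | flag_untrusted_installs
if [ "${1:-}" = "--demo" ]; then
    sample_pm_output | flag_untrusted_installs
fi
```

A flagged package is a lead for review, not proof of infection: enterprise app stores and MDM agents also install outside Google Play and belong in `TRUSTED_INSTALLERS` if your fleet uses them.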

Types of mobile malware

While malware on Android hasn’t quite reached the same scale as desktop malware, more mobile-specific malware designed to attack smartphone features and vulnerabilities is emerging.


Mobile malware on Android phones, or any devices for that matter, can be broken out into no fewer than seven main types. The important thing to remember about these categories is that many malware variants don’t fall into just one of them. When referring to a category, experts are referring to the malware’s primary functionality.

As hackers get more intelligent, malware variants have started to advance, and many now perform more than one function.


A variant, for example, could be considered a trojan while also falling into the category of ransomware. A malware that roots a device (rooting malware) could also steal bank credentials (banker malware).


Here are some of the most popular types of mobile malware today:

  • Adware – shows frequent ads to a user in the form of pop-ups, sometimes leading to the unintended redirection of users to web pages or applications
  • Banker malware – attempts to steal users’ bank credentials without their knowledge
  • Ransomware – demands money from users and, in exchange, promises to release either the files or the functionality of the devices being ‘held hostage’
  • Rooting malware – ‘roots’ the device, essentially unlocking the operating system and obtaining escalated privileges
  • SMS malware – manipulates devices to send and intercept text messages resulting in SMS charges. The user is usually not aware of the activity
  • Spyware – monitors and records information about users’ actions on their devices without their knowledge or permission
  • Trojan – hides itself within a piece of seemingly innocent, legitimate software

How to get a virus off Android

There is a lot more information online about virus removal for Android than for iOS, making it easier to find ways to detect it. You might discover you have malware on your phone using an online malware scan for Android or an Android adware detector, for example, but do you know how to stop a virus on your phone? Here are some simple steps you can take to remove viruses or malware from your Android device.

Uninstall the malicious app by going to the Settings menu and tapping Apps or Application Manager. Touch the app you’d like to uninstall, select Clear Cache, then Clear Data, and then Uninstall.

To make sure your phone stays free of malware, the most widely used technique is a regular scan for malware using an antivirus application. We do advise you to proceed with caution, though, since it was revealed in September 2017 that one of these apps, called CCleaner, was breached by hackers.

The best defense against mobile malware on Android phones

So if antivirus isn’t the answer, what are the possible mobile security solutions? What you need is a more robust method of identifying and blocking potential threats including mobile malware.


With gateway infrastructure, Jamf Protect can detect and intercept malware before it reaches the device. The intuitive technology uses cloud intelligence from millions of scanned devices to surface new threats and flag unusual activity. Malicious apps can then be scrutinized in real-time, providing zero-day threat detection that you can rely on. If a vulnerability is detected within an application, you can disable the software across a fleet of devices to secure your data within seconds.

Liarna La Porta, Manager, Corporate Communications