Signs Your Android Has Malware

  • Battery draining much faster than usual
  • Phone running hot when idle
  • Unexpected data usage spikes
  • Pop-up ads appearing outside of browsers
  • Apps you did not install appearing
  • Phone running very slowly
  • Unusual charges on your phone bill

Step 1: Boot into Safe Mode

  1. 1

    Restart into Safe Mode

    Press and hold the power button. When the Power Off option appears, press and hold it until a Safe Mode prompt appears. Tap Safe Mode. The phone restarts with only built-in apps running — third-party apps (including malware) are disabled. “Safe Mode” appears in the corner of the screen.

  2. 2

    Identify and uninstall suspicious apps

    In Safe Mode, go to Settings → Apps. Look for apps you do not recognise, apps with no icon, apps with generic names like “System Service” or “Phone Manager” that you did not install, or any app installed around the time problems started. Tap the suspicious app → Uninstall. If Uninstall is greyed out, the app has Device Administrator privileges — see below.

  3. 3

    Remove Device Administrator status if needed

    Some malware grants itself Device Administrator privileges to prevent removal. Settings → Security → Device Admin Apps (location varies by Android version). Deactivate any unfamiliar apps here, then return to Apps and uninstall them.

Step 2: Scan with Malwarebytes

  1. 4

    Restart to normal mode and install Malwarebytes

    Restart normally. Download Malwarebytes for Android from the Play Store (free). Run a full scan. Follow prompts to remove any detected threats.

Step 3: Factory Reset (Last Resort)

If malware persists: back up contacts, photos and important data to Google Drive or a computer. Then Settings → General Management → Reset → Factory Data Reset. This completely wipes the phone and reinstalls Android fresh. Do not restore from a backup made while the phone was infected — restore only your contacts and photos, not apps.

Preventing Android malwareOnly install apps from the Google Play Store. Before installing, check the app’s reviews, developer name and permissions requested — be suspicious of apps requesting permissions unrelated to their function. Keep Android updated. Do not click links in unsolicited texts or emails. Avoid sideloading APK files from unknown sources.

Frequently Asked Questions

Drive-by downloads (malware installed just by visiting a website) are rare on modern patched Android. The more common vector is malicious apps — either from outside the Play Store or occasionally slipping through Play Store screening. Clicking phishing links can steal credentials but generally cannot install malware without user action. Keeping Android updated and only installing Play Store apps eliminates the vast majority of infection risk.
Google Play Protect (built into every Android phone) scans installed apps for malware automatically. It is not perfect but provides solid baseline protection. A permanent third-party antivirus app adds some extra protection but also uses battery, data and processing resources. For most users, Play Protect plus careful app installation habits is sufficient. Run Malwarebytes for a full scan if you suspect an infection rather than keeping it permanently installed.