How I infected my phone with a virus
Smartphones are still shrouded in various myths. Reports say that long telephone conversations may cause tumors, your signal may weaken if you move too quickly, and strong signals from base stations could kill people. Whether or not these things are true remains a mystery, but one thing that we do know is real is the threat of mobile malware.
Malicious programs are able to steal funds from your bank account, extract personal information, lock your phone screen, and render a smartphone useless, among other things. According to Statista, as of March 2018, "the total number of Android malware detections amounted to over 26.6 million programs." All of this got me wondering about how easy it is to infect a phone with a virus, so I decided to try it out and document my journey.
For this test, I tried to infect a smartphone, having previously removed the antivirus software and all security features. My victim was a relatively old Moto G3 with Android 6.
In this post, I’ll explain my process and results. I’ll also describe how viruses penetrate smartphones and how to prevent this happening to you.
Unsuccessful attempts to infect my smartphone
I tried various methods to infect my smartphone, the first of which were unsuccessful. Here are the various methods I attempted:
- Googled "Watch Annabelle movie on Android free" and clicked external links on getandroidstu**.com -- No luck as no viruses were found.
- Downloaded jokes from freeso**.ru/prikoly/download -- jokes are there but no viruses.
- Went to the site watchmygirlfriend.gfpornb**.com and followed the links -- no viruses here either.
- Looked for free games on suspicious websites -- all proposed options were official games.
- Googled "Nude celeb photos" -- no malware was found or downloaded.
- Found a dubious lottery website, answered all questions, and won. A letter confirming the prize should have arrived at the address indicated by me -- the message never arrived.
After a couple of days of searching for malware, I received a strange message with a tempting offer to exchange free games for paid games, free of charge. I followed the link but failed again and got the message "Server not found."
Without giving up hope of infecting my device, I decided to install the hacked root-obtaining software, KingRoot. By installing this app on Android, you gain access to admin rights that are inaccessible to the average user. These open up numerous possibilities for controlling the device.
I read that infected KingRoot contains malicious code that steals user data. Again a surprise was waiting for me. Unfortunately, this utility cannot be installed on a Moto G3.
How I eventually infected my smartphone
In despair, I asked friends and colleagues to send all questionable instant messages, text messages, and emails with suspicious links to my phone number. After clicking one of the links, I saw a pop-up window suggesting that I install Doctor Clean. The link directed me to the official Google Play Store. Doctor Clean promised to speed up the system, remove unnecessary files, and save battery life. But user reviews indicated that something was wrong with it.
Doctor Clean requested access to all available phone features. After giving such permissions, it installed two more applications needed for "phone acceleration" and "sleep mode." In turn, one of these apps installed two more applications. In all, I wound up installing five apps instead of one.
The next day, I saw an ad that covered the entire screen. In fact, every time I unlocked the screen, I saw a new colorful full-screen banner. In order to answer an incoming call, I had to look for a small cross hiding the ad. Along with this, the smartphone started to work slower. Periodically, the lock screen stopped responding to my touches.
After that, I decided to install Bitdefender Mobile Security and scan the device. Bitdefender found nothing. I then installed Malwarebytes Anti-Malware. Malwarebytes found all five unwanted/dangerous apps and removed all of them successfully.
What I learned from this exercise
From my personal experience, it turned out that installing malware on a phone is not a trivial task. Presumably, Android OS and security applications successfully recognize threats and protect the device. To infect the phone, you have to completely ignore all system warnings and disable security features in advance.
Yes, Google Play does not have a great record of properly vetting apps, and there have been numerous cases where apps have been removed after malware was discovered in them. But still, it was easier to download malicious applications in the past. Now all applications in the Google Play Store are audited more thoroughly than they were several years ago. In order to install an unofficial application, you will need to find and disable the corresponding function in the settings.
How viruses may penetrate your smartphone and how to stay safe
Just because I had a tough time infecting my smartphone doesn’t mean you should assume your phone is always safe. Viruses can and do penetrate these systems. Here are some of the methods by which viruses may be installed and how to protect against them.
- Emails and messages with malicious links. These may be disguised as job offers, letters from the police, antivirus alerts, coupons, discounts, and more. You often see a short message and have to click a link to find out the "details."
PROTECTION: Never click on suspicious links. If you’re unsure, call the alleged sender (using details from their legitimate website) to ask if they sent you anything.
- Downloading unlicensed and questionable applications from unknown sources. These apps are often bundled with malware.
PROTECTION: Only install apps from Google Play or Apple App Store and do not jailbreak or root your device.
- Connecting to public Wi-Fi. Through unprotected Wi-Fi access points, hackers intercept sensitive information. They may later take over accounts, steal money, and infect the smartphone.
PROTECTION: Use VPN services when you have to connect to public Wi-Fi networks. Those will encrypt all traffic and hide your IP.
- Websites with numerous pop-ups and banner ads. They offer to download anything very quickly, without registration and payment, and all you have to do is click the link. Some banners imitate alerts and messages from the FBI or NSA. Their goal is to make you panic and push you to follow the link.
PROTECTION: Again, do not click any suspicious ads or links.
- Infected memory cards. Sometimes malware disguised as an application is saved to a memory card and when you insert it into a smartphone, you may get infected. Malware still needs to get your approval and may ask you, for example, to agree to update the Chrome browser, which you may have never even installed.
PROTECTION: Do not insert memory cards given to you by strangers or that you found.
- Torrenting sites. Be wary of torrenting sites as these are reported to be the source of millions of malware infections.
PROTECTION: If you must visit torrenting sites, have solid antivirus software installed and use a VPN suitable for torrenting.
How to find out if your phone has been infected
In most cases, there are one or more telltale signs that your phone has been infected. Here are some things to look out for:
- A prepaid phone account quickly runs out of money.
- Your phone history shows messages that you didn’t send and calls you didn’t make.
- Your data gets used up by unknown applications.
- The overall performance speed of the smartphone decreases.
- Your smartphone heats up and battery life shortens quickly.
- Some applications are "buggy" and do not open.
- Excessive ads appear in apps and on the screen.
Where to look for malware and how to distinguish it from a legitimate application
Most often, viruses are disguised as ordinary applications. They have the .apk extension and are saved to the "Download" folder.
You should watch out for anything odd during the installation of an application. If it requests access to paid features or rights to any of the following, that should be a red flag:
- View and send SMS.
- View and make calls.
- Access to attached bank cards.
If the application is not downloaded from the official store and asks to access personal data, you can be almost certain it’s a virus.
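The check described above can be run on an .apk before it is installed. The following is an added example, not part of the original post: it parses the permission lines printed by `aapt dump badging <apk>` and combines them with the installer package name (for example from `adb shell pm list packages -i`). The sample output and the package name com.example.cleaner are constructed, and access to attached bank cards is not covered because it does not map to a single Android permission.

```python
import re
from typing import Optional, Set

# Permission groups matching the red flags listed above (standard Android names).
RISKY = {
    "sms": {"android.permission.SEND_SMS", "android.permission.READ_SMS",
            "android.permission.RECEIVE_SMS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG",
              "android.permission.PROCESS_OUTGOING_CALLS"},
}
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Matches both "uses-permission: name='X'" and the older "uses-permission:'X'".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=)?'([^']+)'", re.M)


def requested_permissions(badging: str) -> Set[str]:
    """Extract permission names from `aapt dump badging` output."""
    return set(PERM_RE.findall(badging))


def triage(badging: str, installer: Optional[str]) -> dict:
    """Flag risky permission groups and apply the article's rule of thumb."""
    perms = requested_permissions(badging)
    flags = {g: sorted(perms & names) for g, names in RISKY.items() if perms & names}
    sideloaded = installer != PLAY_STORE
    if flags and sideloaded:
        verdict = "high"      # unofficial source and asks for SMS/call access
    elif flags:
        verdict = "review"    # a store install is not proof of safety
    else:
        verdict = "low"
    return {"flags": flags, "sideloaded": sideloaded, "verdict": verdict}


# Constructed sample of aapt output for a hypothetical sideloaded "cleaner" app.
SAMPLE = """package: name='com.example.cleaner' versionCode='1' versionName='1.0'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
"""

if __name__ == "__main__":
    print(triage(SAMPLE, installer=None))
```

An app installed from Google Play that still requests these permissions is reported as "review" rather than cleared, since Doctor Clean in this post came from the official store.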