Android 的最大优势之一是平台的开放性。与 iOS 设备不同,您可以自由安装所需的任何软件。不幸的是,这也是问题的根源。
向官方应用商店以外的软件开放Android会引入恶意软件的可能性。如果您的Android手机受到恶意软件的影响,您需要尽快将其删除。在本文中,您将了解如何操作。
我有恶意软件吗?
我们假设您在阅读本文后,怀疑您的Android手机感染了恶意软件。但是,恶意软件(malware)比您想象的要少。您需要注意一些典型的恶意软件症状:
- 手机性能突然下降,即使在重新启动后也是如此。
- 突然的,无法解释的电池耗尽。
- 尽管您的在线习惯相同,但您的移动数据使用量仍会激增。
- 您会看到不记得安装的应用程序。
- 过多的、不需要的弹出广告。
如果这听起来像您,让我们继续讨论如何处理您的恶意软件问题。
关掉电话!
如果您非常确定您的手机感染了恶意软件,请将其完全关闭。这应该可以防止恶意软件“打电话回家”,并可能进一步感染和控制您的设备。使用时取出SIM卡。
当您准备好再次打开手机时,请将其置于飞行模式(Airplane Mode)或关闭WiFi路由器以防止设备连接到互联网。希望(Hopefully)在您的任何私人数据被发送回恶意软件作者之前,您已经切断了与手机的通信。
使用防病毒应用程序
使用防病毒软件是在Android(Android)设备上处理恶意软件时最明显的做法,但有些读者可能不知道存在防病毒应用程序。当然,最好在手机被感染之前安装防病毒应用程序。
这是因为某些恶意软件可能会干扰防病毒应用程序的安装。如果防病毒应用程序为时已晚,我们将介绍一些您可以做的事情。如果您仍然可以安装防病毒应用程序,请查看五个最佳 Android 防病毒和安全应用程序(The Five Best Android Antivirus and Security Apps),了解经过验证且有效的选项。
将手机置于安全模式
就像大多数台式电脑一样,Android提供了“安全模式(Safe Mode)”。在此模式下,手机不允许运行任何第三方应用程序。这是测试它是否实际上是导致您的问题的应用程序的好方法。如果您的手机问题在安全模式下(Safe Mode)消失,则可能是恶意软件。
要在Android 6及更新版本的设备上进入安全模式(Safe Mode):
- 按下电源按钮(power button)。
- 在选项中,点击并按住关机(Power Off)。
- 当您看到Reboot to Safe Mode时,选择它并确认。
现在,等待您的手机重新启动。在安全模式下(Mode),您仍然可以删除应用程序,因此这是卸载您最怀疑的应用程序的好机会。如果幸运的话,这可能会删除恶意软件。
如果你不是那么幸运,你至少会停止它的一些功能,允许你在必要时安装一个受信任的防病毒应用程序。
在安全模式下(Safe Mode),删除应用程序管理员权限(Remove App Admin Privileges)
安全模式(Mode)会暂时停止第三方应用程序在您的手机上执行的任何操作。如上所述,您可以借此机会删除可疑应用程序。但是,您还应该借此机会查看哪些应用程序被列为“设备管理员”。具有这种特权级别的应用程序可以做一些极端的事情,例如擦除整个手机。
某些应用程序需要管理员权限才能完成工作,但此类应用程序在设备(Device) 管理员(Administrators)列表中列出了明确的理由。
获取具有管理员权限的应用程序列表可能因一部手机而异,但路径应类似于Settings > Security > Device Administrators。
在我们的三星 S21 Ultra(Samsung S21 Ultra)设备上,该菜单称为“设备(Device)管理应用程序”,并列在生物识别(Biometrics)和安全菜单中的“其他安全设置”下。很少有应用程序应该启用此权限,并且您应该为任何您不确定是否(for sure)应该完全控制您的手机的应用程序禁用此权限。
恢复出厂设置您的手机
是的,完全擦除手机并将其重置为开箱即用状态可能会让人感觉有点过激。但是,这可能是从Android手机中删除恶意软件的最快方法。
对于大多数人来说,这应该只是轻微的不便,因为您的所有信息都在云端。因此,一旦您在重置后使用您的Google帐户登录,您的数据应该会自动恢复。在重置之前,请阅读Google的备份和恢复文档(backup and restore document),以便确定它是如何工作的。
Rootkit 等严重感染
某些(Certain)类型的恶意软件被证明比典型的错误更难从您的Android手机中删除。(Android)他们中的一些人是如此坚韧,以至于他们将在工厂重置后幸存下来!Rootkit 是这种难以杀死的恶意程序的典型例子。
rootkit 是一种将自身安装到操作系统核心部分的恶意软件。通常,运行手机的软件的那些关键部分是完全禁止使用的,但黑客一直在系统中发现漏洞并利用这些漏洞来安装 rootkit。
Rootkit 几乎不可能被检测到,但编写不佳的 rootkit 仍然可以产生典型的恶意软件症状。它们是最危险的恶意软件形式,因为它们可以让陌生人完全控制您的手机。他们可以监视您并根据自己的喜好处理您的手机数据。
防病毒制造商并没有坐以待毙。Avast Antivirus等应用程序(Apps)还带有内置的 rootkit 扫描程序。当然,由于我们不知道这些扫描程序遗漏的 rootkit,它们的效果如何尚不清楚,但总比没有好!
一盎司的预防
希望如果您感染了恶意软件,上述提示有助于清除您的手机中的邪恶。如果事实证明您没有被感染,那就更好了!
现在我们首先需要谈谈不被恶意软件感染或受害:
- 除非您 100% 确定第三方应用程序的来源,否则只能从官方Google Play 商店安装应用程序。(Google Play Store)
- 不要从提供盗版应用程序副本的网站旁加载应用程序。(sideload)
- 除非您确切知道风险是什么以及如何弥补风险,否则不要扎根手机。
- 使用公共USB充电点时,请使用仅供电电缆(power-only cable)以避免恶意软件嵌入被黑客入侵的充电器中。
- 仔细考虑(Think)应用程序要求哪些权限以及它们是否需要这些权限才能工作。如果不是,则拒绝该权限,如果该应用程序拒绝工作,则将其删除。
- 不要安装来自未知品牌的“免费防病毒”应用程序或单击承诺免费恶意软件扫描的链接。这些很可能是“恐吓软件”或其他形式的恶意软件本身。
发现您的手机上安装了恶意软件可能会让人感觉非常违规,但是通过正确的保护措施,您几乎肯定会从一开始就避免成为受害者。
How to Remove Malware From an Android Phone
Onе of Android’s greatest strengths is the oреn nature of the platform. Unlike iOЅ devices, уou’re free to install any software you want. Unfortunately, that’ѕ also a source of problems.
Opening Android up to software outside of the official app store introduces the possibility of malware. If your Android phone has been afflicted by malware, you’ll want to remove it as soon as possible. In this article, you’ll learn how.
Do I Have Malware?
We assume that since you’re reading this article, you suspect that your Android phone has a malware infection. However, malware is rarer than you might think. There are a few typical malware symptoms you’ll want to be aware of:
- A sudden drop in phone performance, even after restarting.
- Sudden, unexplained battery drain.
- Your mobile data usage spikes despite your online habits being the same.
- You see apps that you don’t remember installing.
- Excessive, unwanted popup ads.
If that sounds like you, let’s move on to how you can deal with your malware issue.
Switch Off the Phone!
If you’re highly confident that your phone is infected with malware, switch it off completely. This should prevent the malware from “phoning home” and perhaps further infecting and taking control of your device. Remove the SIM card while you’re at it.
When you’re ready to turn the phone on again, put it in Airplane Mode or switch off your WiFi router to prevent the device from connecting to the internet. Hopefully, you’ve cut off communications from the phone before any of your private data has been sent back to the malware authors.
Use an Antivirus App
Using antivirus software is the most obvious thing to do when dealing with malware on an Android device, but some readers may not know that antivirus apps exist. Of course, it would be better to install an antivirus app before your phone is infected.
That’s because some malware might interfere with the installation of antivirus applications. We’ll cover a few things you can do if it’s too late for an antivirus app. If installing an antivirus app is still viable for you, check out The Five Best Android Antivirus and Security Apps for verified and effective options.
Put Your Phone Into Safe Mode
Just like most desktop computers, Android offers a “Safe Mode.” In this mode, the phone doesn’t allow any third-party applications to run. It’s a good way to test whether it is in fact an app that’s causing your issues. If your phone’s problems disappear in Safe Mode, it’s likely malware.
To enter Safe Mode on Android 6 device and newer:
- Press the power button.
- From the options, tap and hold Power Off.
- When you see Reboot to Safe Mode, select it and confirm.
Now, wait for your phone to restart. In Safe Mode, you can still remove apps, so this is a good opportunity to uninstall the apps you’re most suspicious of. If you’re lucky, that might remove the malware.
If you’re not that lucky, you’ll at least have stopped some of its functionality, allowing you to install a trusted antivirus app if necessary.
In Safe Mode, Remove App Admin Privileges
Safe Mode temporarily puts a stop to whatever third-party apps are doing on your phone. As mentioned above, you can use this as a chance to delete suspicious apps. However, you should also take the opportunity to review which applications are listed as “Device Administrators.” Apps with this level of privilege can do extreme things, such as erasing the entire phone.
Some applications need administrator privileges to do their job, but such apps have explicit justifications listed in the Device Administrators list.
Getting to your list of apps with administrator rights can vary from one phone to the next, but the path should be something like Settings > Security > Device Administrators.
On our Samsung S21 Ultra unit, the menu is called “Device admin apps” and is listed under “Other security settings” within the Biometrics and security menu. Few apps should have this privilege toggled on, and you should disable this permission for any applications you don’t know for sure should have complete control of your phone.
Factory Reset Your Phone
Yes, completely wiping and resetting your phone to its out-of-the-box state may feel a little drastic. However, it could be the fastest way to remove malware from an Android phone.
It should be no more than a mild inconvenience for most people since all your information is in the cloud. So, once you’ve signed in with your Google account after the reset, your data should be restored automatically. Before you reset, read Google’s backup and restore document, so you’re sure how it works.
Serious Infections Such As Rootkits
Certain types of malware prove harder to remove from your Android phone than your typical bug. Some of them are so tough that they’ll survive a factory reset! Rootkits are a prime example of such a hard-to-kill malicious program.
A rootkit is a type of malware that installs itself into the core parts of the operating system. Normally, those critical parts of the software running your phone would be completely off-limits, but hackers find exploits in systems all the time and use those to enable the installation of rootkits.
Rootkits are almost impossible to detect, but poorly-written ones can still produce classic malware symptoms. They are the most dangerous form of malware because they offer complete control of your phone to a stranger. They can spy on you and do with your phone data what they like.
Antivirus makers aren’t sitting on their hands. Apps like Avast Antivirus also come with a built-in rootkit scanner. Of course, it’s not clear how effective they are because we can’t know about the rootkits these scanners miss, but it’s better than nothing!
An Ounce of Prevention
Hopefully, if you were infected with malware, the above tips have helped cleanse your phone of evil. If it turns out you weren’t infected, that’s even better news!
Now we need to talk about not getting infected or victimized by malware in the first place:
- Only install apps from the official Google Play Store unless you’re 100% sure where a third-party app is coming from.
- Don’t sideload apps from sites that provide pirated copies of apps.
- Don’t root your phone unless you know exactly what the risks are and how to compensate for them.
- When using public USB charging points, use a power-only cable to avoid malware embedded in hacked chargers.
- Think carefully about which permissions apps ask for and whether they need them to work. If not, deny the permission and if the app refuses to work, delete it.
- Don’t install “free antivirus” apps from unknown brands or click on links promising a free malware scan. These are likely “scareware” or another form of malware themselves.
Finding out you’ve got malware on your phone can feel like quite a violation, but with the right safeguards, you’ll almost certainly avoid becoming a victim in the first place.