Norton UK Blog

« Back to Norton Blog

The ultimate guide to mobile malware and dodgy apps

by Brian Cody

Malware is created by hackers and is often distributed over the internet. While many people are considerate of malware as a threat to their desktop computer or laptop, they tend to be more lax when it comes to their tablets and smartphones – which means mobile devices are ripe for the picking when it comes to identity theft, stolen personal information, emptied bank accounts, and viruses meant to break the device in question.

What types of mobile malware exist?


Grayware gets its name because it lives in the grey zone, in the murky middle. It’s a type of software or app that isn’t necessarily malicious but also isn’t squeaky clean. For example, while grayware might not come bundled with a virus, it may track your location or your data.

Usually, this extra ‘feature’ is outlined in the small print in the software licence agreement – so technically users actually agree to be tracked or served ads or have their information sold on to a third party - so always read the software licence agreement before hitting ‘download’.

A very popular type of malware is known as ‘madware’, or very aggressive ad libraries. An ad library is part of an app that tracks user information with the intention of using it for ad targeting. Some of these ad libraries are particularly aggressive, leaking personal information and creating icons for ads within the browser.


Ransomware was easily one of the most popular types of malware across the spectrum in 2015. Ransomware was given its name because of how it operates, locking a computer and rendering it completely useless until the user paid the hacker a sum of money – often in Bitcoin.

Cryptolocker was a particular virulent version of ransomware that did the rounds in 2013. Spearheaded by Russian hacker Evgeniy Bogachev, hackers extorted up to $3 million with the malware before it was shutdown.

Ransomware first hit Android in 2014, in the form of a notice from the FBI or the police. Unsuspecting victims were warned that their device had been seized by the FBI or a local police force for accessing illegal material. If they didn’t pay a sum of money by a set time to ‘release their data’, their computer would be wiped and all their files lost.

In early 2016, a number of major news websites were hit with ‘malvertisements’, malicious ads that tried to install ransomware onto devices. Targeting US users, the attack hit huge sites like BBC, AOL, the NFL, and the New York Times – putting the ads in front of a potential audience of hundreds of millions of visitors.

The ads work by redirecting the ad page to the servers hosting the malware. These servers host the Angler exploit kit which then seeks vulnerabilities in the user’s devices where it can install ransomware.

And, in case you’re thinking it, it’s not just an Android problem. While the vast majority of threats are targeted at Android, the Mac OS X had its first brush with ransomware in March 2016 as part of an infected installation of BitTorrent client Transmission.

Device-ruining malware

While grayware and ransomware are usually created with a specific goal, malware can have a broad range of ‘abilities’ like creating ads, spamming your phone, stealing your information, spying on everything you type/do, or infecting your phone with a virus that is intended to slow it down or occupy its memory so it’s virtually unusable.

In some cases, hackers created spoof/fake versions of real apps and uploaded them to various app stores to trick users into downloading them. Once they downloaded the fake version of the app, the victim would be hit with an onslaught of adware, spyware, and nasty viruses.

A potent malware called Android/PowerOffHijack even exists to trick users into thinking their phone has been switched off. In the fugue state, the phone can secretly make calls, take pictures, and operate – and all without the owner having any idea.  

How to tell if your mobile has been infected:

As most of us don’t actually run any kind of antimalware software on our mobile devices, we may not even know that our phone or tablet has been infected. Thankfully, there are several ways to tell if you’ve inadvertently picked up malware on your travels.

Your device has slowed down significantly

Often, malware and grayware take up more CPU and memory resources. If you find that apps take forever to start or a game or video you normally play with no trouble is going horrendously slowly, it could be a sure sign you’ve caught something nasty.

Pop-up messages and ads are popping up

While the vast majority of apps and sites come with ads on them, some forms of adware will create additional ads. These are often a different style (green and underlined for example) to regular ads and are much more intrusive or flashy.

Your device shuts on or off unexpectedly

Or it seems to have a mind of its own. If your device is doing things you didn’t ask it to, there’s a chance you’ve fallen foul of a sneaky hacker.

Your device has new settings

Your search engine or web browser has changed to something you definitely didn’t set it as. You have new apps, browser add-ons, extensions etc. that you definitely didn’t install. Likewise, if your phone bill or data usage has risen a lot – and with no good reasons -- malware may be accessing and using your data or phoning premium services without your permission.  

How to protect your phone from hackers

Malware can wreak plenty of havoc on our mobiles, even going so far as to steal identities or sneakily recording whole phone calls.
Scary as it is, you can protect your mobile device from prying hackers. How? Read on!

Pay attention to permissions

Many apps are notorious for asking for more access than they should need. For example, torch apps will sometimes ask for access to your contacts. Why does a torch need access to your contacts?

Simple answer: it doesn’t.

Read all the permission requests when installing an app. If it asks for anything that seems suspicious, cancel the installation and try a different app instead. Likewise, make some kind of attempt to read the licencing agreement.

With grayware, you might have no idea that you’ve agreed to let the app pass your data on to third parties.
At least if you read the software licence agreement, you’ll know what you’re actually giving the app permission to do. If it seems too invasive, you can cancel installation.

Install apps from trusted sources

You might be tempted by a cool app you’ve stumbled across on the internet. However, we strongly recommend only downloading apps from trusted sources like Google Play and the App Store. If you download an app you find on a site somewhere on the internet, it could come bundled with malware and cause all kinds of trouble.

At least in the App Store or Google Play, you can check reviews to see if other users have had a negative experience.

Update your operating system

With Apple’s iOS, you’ll get a request to update your software. With Android, you may have to manually check if an update is due. OS updates are often issued to fix past vulnerabilities with the system so they are tougher to hack.

Want to keep your mobile devices safe from hackers?

If you’re a mobile user, Norton Mobile Security will keep your phone safe from online threats. Features include a remote locator to find your phone if you lose/misplace it, the option to scan apps before you download them, anti-phishing functionality, and malware protection.

Your phone is a big part of your life, so why not make sure it keeps in top-tip shape for longer?  

Stealing your identity can be easy. Good thing calling us is too.

Help with identity theft starts here. Trusted by millions of customers around the globe. Get Antivirus, Online Privacy, and in case of identity theft, Identity restoration support.

Get our award winning Norton protection

PC Mag:

A trademark of Ziff Davis, LLC. Used under license. Reprinted with permission. © 2022 Ziff Davis, LLC. All Rights Reserved

No one can prevent all cybercrime or identity theft.

The Norton brand is part of NortonLifeLock Inc.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.


Follow us for all the latest news, tips and updates.