Bad news: a malicious app has taken hold of about 10 million Android phones around the world, and it’s creepy.
Security specialist Check Point says the software, called HummingBad, can take root in your phone, collecting your personal data and making it act like you’ve clicked on ads that you haven’t.
Fortunately, there are steps you can take to see if HummingBad has roosted with you and started selling your information to the highest bidder. You can also get it off your phone, though the fix is only a few steps removed from “kill it with fire.” Best of all, you can make a change to keep yourself away from this danger in the future.
We live in an age of malicious mobile apps, and cybersecurity companies have taken note. They’ve produced apps that can detect bad actors on your phone and flag them for you. It works a little like antivirus software on your computer. What’s more, some of these services can tell just by what an app does that it’s up to no good.
You have a range of options when it comes to this protective phone software. Download one of these malware scanner on your phone, like Check Point’s own Zone Alarm, Lookout, AVG and Avast. Once the app is installed, run a malware scan.
The tools for catching HummingBad on mobile phones are now public information, so any service worth its salt will be able to detect it.
If you find you’re the owner of one of the millions of infected phones (only 288,800 of which are in the US), you can get rid of it, but you’re not going to like the approach: factory reset.
Alternatively, if you’re a cybersecurity black belt with a specialty in malicious mobile apps, you could painstakingly remove it, said Dan Wiley, head of incident response at Check Point. But if you’ve read this far, you probably don’t have those skills.
So back up your files and contacts, write down your favorite apps, and then reset your phone.
If you’re now looking at the generic wallpaper on your freshly reset phone, probably the last thing you want is a lecture. But Wiley has some advice you just might heed to keep this bad dream from becoming a recurring nightmare.
“The biggest thing I could say is, don’t download apps from untrusted stores,” Wiley said.
Most people in the US primarily buy their Android apps from the Google Play store, but in other countries, it’s more common to chance it by installing apps from other sources. These don’t have the same guarantees that come with apps that have gone through the Google vetting process, and can be shady.
That’s not enough to prevent this from ever happening again — hackers are clever like that — but it’s a good start.