
Smartphone malware

Tutorials and virus removal guides that will help you get rid of malware that infects iOS and Android smartphones. Simple instructions and the best antivirus software for mobile devices.

How to remove Hydra Banking Trojan (Android)

Recently discovered by cybersecurity researchers at MalwareHunterTeam and Cyble, this is a new variant of the Hydra banking trojan designed to infect Android devices. It disguises itself as a Play Store app called Document Manager, which has over 10,000 downloads in total. Users who download this app and grant the permissions it asks for are exposed to substantial security threats. The trojan was specifically reported targeting the second-biggest German bank, Commerzbank. It requests more than 20 permissions which, if granted, let threat actors do whatever they want with your smartphone - e.g. monitor passwords entered in apps, alter various settings, manage phone calls and SMS messages, lock and unlock the infected device, disable antivirus activity, record camera footage, and carry out many other malicious tasks aimed at stealing finance-related credentials. Other collected data, such as phone or social media contacts, may also be abused to trick people into downloading fake software that spreads the infection. The most common symptoms of a trojan running on a smartphone are lags, moments of freezing, overheating, random opening of websites or apps, and other signs of odd behavior that were not present before. Trojans like Hydra are extremely dangerous, and it is important to stop their malicious activity by removing them completely. This may be hard to do on your own without the relevant knowledge, so we prepared a thorough guide to help you remove Hydra Banking Trojan from your Android device.

How to remove Android Calendar virus

Often mistaken for a separate virus, messages spamming Google Calendar events are actually related to a malicious or unwanted app that might be running on your Android device. Many victims complain that the messages appear all over the calendar and attempt to persuade users into clicking on deceptive links. It is likely that users experiencing the spam installed an unwanted application and granted it access to certain features, including permission to modify Google Calendar events. The links may lead to external websites designed to install malware and other types of infections. In fact, whatever they claim ("severe virus detected"; "virus alert"; "clear your device", etc.) is most likely fake and has nothing to do with reality. To fix this and prevent your calendar from being cluttered with such spam messages, it is important to find and remove the application causing the issue and reset the calendar to clean up unwanted events.

How to remove L3MON RAT (Android)

L3MON RAT is a type of trojan that allows its operators to access Android devices and control them remotely. The virus employs a cloud-based Android management utility that enables remote manipulation directly from a web browser. Upon successful infiltration, L3MON RAT is able to steal various types of sensitive data (e.g. SMS messages, contacts, call history, messages sent and received on WhatsApp and Signal, entered passwords, etc.). It is also able to record audio and monitor other log-in attempts by users. In other words, this malicious software can see whatever is being done while the device is in use. Depending on how valuable the collected information is, it can be abused to enter banking accounts, perform unauthorized transactions, or even communicate with the collected contacts (for instance, your friends) to push something in your name. General symptoms indicating that your Android device is infected are slow or buggy performance, reduced response time, intermittent screen blackouts, decreased battery life, questionable push notifications, and other actions carried out without the user's permission. L3MON is an open-access trojan, which can be purchased and used by any hacker willing to do so. It is highly devastating and must be removed immediately upon detection. Use our free guide below to do it correctly and without leaving traces.

How to remove Octo banking trojan (Android)

Octo is the name of a banking trojan that seeks to commit financial fraud on Android smartphones. Some consider it a rebranded version of ExobotCompact - another devastating trojan designed for finance-related abuse. Octo possesses a wide range of remote-access abilities to carry out its fraudulent scheme. After successfully attacking the system, Octo banking trojan is able to read and capture various parts of the device. Any information entered by users in real time (log-in credentials, keystrokes, screen lock PIN codes, etc.) can be recorded and then used to carry out overlay attacks on banking-related apps. This means the virus is able to read the content of any app displayed on the screen and provide the actor with sufficient information to perform fraudulent actions. The C2 server allows cybercriminals to send any commands they want and effectively have full control of your device to perform monetary transactions without your consent. In addition, Octo may hijack SMS features to send your contacts phishing links designed to install the virus as well. The developers of this trojan also included persistence measures to prevent traditional uninstallation and antivirus detection. The capabilities of Octo banking trojan are similar to those of other renowned trojans such as Cerberus and Medusa. Malware of this type is truly devastating, and it is important to know working solutions to remove it. We encourage you to use our guide and apply the removal instructions below.

How to remove Cerberus banking trojan (Android)

Discovered in 2019, Cerberus is a malicious program categorized as a banking trojan that has been targeting Android users. The application is disguised as Adobe Flash Player Updater and is downloaded as an .apk file. Like executable files, .apk files are meant to initiate the installation of applications. While users think that it will update the promised software, they inadvertently install a malicious program without their consent. Thereafter, cybercriminals can control your device by connecting it to a botnet and having it receive commands from a Command & Control (C2) server. Once extortionists establish contact with your device, they can easily operate it by sending commands remotely. This means that swindlers are able to see and gather sensitive data and credentials, change settings, and perform other manipulations that expose your activity to third parties. Note that social network and bank accounts can be hacked and hijacked for scams and revenue purposes. If you suspect Cerberus has infected your device, you should perform an immediate scan and delete it as soon as possible. We discuss how to do this in more depth in the article below.

How to remove Escobar malware (Android)

Previously known under the name Aberebot, Escobar is a banking trojan developed for Android. The main goal of such software is to collect valuable information that cybercriminals seek to capitalize on. After successfully attacking an Android device, Escobar obtains a wide range of capabilities - it is able to send remote commands, control the screen, manipulate SMS messages, record audio, take photos, disable protection, record keystrokes, redirect to websites asking for login credentials, modify the list of installed applications, and perform many other actions as well. In short, Escobar gains complete control over your device, which makes it almost unlimited in what it can do. The rebranded banking trojan also acquired a feature that looks into Google Authenticator and records one-time passwords from it. Escobar malware is now explicitly advertised on hacking forums at a price of $3000 for a monthly subscription. The recorded information may afterwards be used to access banking accounts and perform transactions without the consent of the actual owners. Escobar is a very devastating infection. Its presence may lead to many privacy issues and the risk of financial loss. Thus, it is important to delete it from your Android smartphone as soon as possible, before it does even more damage.