malwarebytes banner

Smartphone malware

Tutorials and virus removal guides, that will help you get rid of malware, that infects iOS and Android systems of your smartphones. Simple instructions and the best antivirus software for mobile devices.

How to remove AppLovin (Android)

AppLovin is an adware application that infects users of Android smartphones. Although it may look like a legitimate and world-famous video-sharing service called TikTok, there is nothing common between them. AppLovin is fake and designed to promote various ads, pop-ups, coupons, and download pages that run stealth infections using executable scripts. Whatever is spread by AppLovin should not be trusted and followed by users. A deeper investigation showed that AppLovin's main focus is set on Jio devices which are popular in India. Jio is an official Indian company providing Internet and smartphone products in India. AppLovin also displays a sign-in screen. The entered credentials may be recorded by the app to steal TikTok accounts or hack you on other websites registered using the same credentials. It was also discovered that AppLovin abuses the hijacked devices to send spam messages with download links to other Jio owners. In sum, AppLovin was clearly developed for causing privacy threats and downgraded smartphone performance. Users that are infected with this application, should instantly remove it before it does significant damage. You can follow our instructions below to do it correctly and without traces.

How to remove Medusa Trojan (Android)

Medusa was analyzed and eventually assigned to the category of banking trojans. It infects Android users to grant cybercriminals with remote access over the device. From there, swindlers may be able to execute various commands - e.g. extract valuable data, force-open unwanted websites, or download other malware as well. On a general level, the trojan can do whatever it wants ranging across actions like viewing your screen, navigating through installed apps, unlocking the screen, recording keystrokes (to steal passwords), and also streaming both camera and audio in real-time. This specific feature is most likely used to perform malicious and fraudulent commands while nobody is using the phone. As mentioned, Medusa is categorized as a banking trojan meaning its main target is set on hijacking credentials to log into banking applications. This is therefore needed to perform transactions and steal users' money without consent. Medusa is one of those trojans leading to serious consequences related to privacy and financial risks. If you spotted your device began to act weird and without your consent, do not linger and remove the virus using our tutorial below.

How to remove AbstractEmu (Android)

AbstractEmu is a high-risk Android virus detected in 7 applications available across legitimate Android app stores. Upon successful installation and interaction with one of these apps, the hidden AbstractEmu malware roots the whole smartphone to grant itself privileged rights over the system. It does not require any remote control - the activation of malware happens immediately once people start using an app. By doing so, AbstractEmu will have access to everything present inside of a device. The virus will be able to act on its purpose running various actions on a compromised system. This means developers behind AbstractEmu can manipulate your smartphone however they want - e.g. gather sensitive data, open apps, read personal chats, surveil your front camera, or even install additional malware. Such virus abilities are quite similar to what we saw with the FluBot spyware - already discussed on our blog. The range of platforms that distributed AbstractEmu-related apps were Google Play, Amazon Appstore, Samsung Galaxy Store, Aptoide, and even APKPure.

How to remove (ShopSave)

Ads by are generated by a browser-based add-on that can be installed to Chrome, Firefox, or Internet Explorer. is adware designed to earn money on unlucky users. In particular, by showing various coupons, offers, and banners leading to dubious pages. Sometimes displayed banners can look useful or even legitimate, however, they are often meant to conceal underlying redirects to third-party pages. In other words, if you click on the eBay sale banner powered by, you will see a chain of dozen websites opened before you end up on the intended page. Such ads are usually scattered around all websites you visit, so there is no way to evade them as long as is present on your PC. All adware-related changes pose nothing, but performance decrease as well as security threats. This means an unwanted app is likely to slow down your system and wield access to your personal data (passwords, IP addresses, geolocations, etc.) entered during the browser session. Therefore, is strongly advised to undergo thorough removal as it brings no positive value to your experience. If you struggle to do it on your own, feel free to follow our tutorial down below.

How to remove FluBot Malware (Android)

FluBot is a malicious infection classified as a banking trojan that happens to penetrate Android-based smartphones. A wide number of users made reports upon receiving suspicious messages with links to download pages. This is exactly how FluBot targets its victims. Extortionists send a number of similar SMS messages (in different languages) that contain links to download an ostensibly legitimate FedEx application. The fake delivery website shares an APK file used to install the FluBot virus. As soon as you launch the APK file, the installation wizard asks to grant many types of permissions like reading contacts, observing and sending SMS messages, pushing notifications, initiating phone calls, tracking location, and other suspicious permissions. Having such a big number of unreasonable permissions begs up a huge security question. By allowing all of the mentioned actions, your smartphone will be fully controlled by cybercriminals. This will, therefore, help them collect sensitive data entered during the usage. After accessing your smartphone, the virus also receives remote commands from servers to disable device protection and other features preventing third-party invasion. Note that FluBot may also generate fake windows that will require entering banking information (credit card number, CVC/CVC2 codes, etc.). Everything mentioned above proves that FluBot is a dangerous piece that has to be removed.