ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Can Smartphones Get Virus/Viruses and Malware? iPhone / Android Phone Only as Smart as Their Users in Malware Detection

Updated on June 28, 2018


As smartphones become more and more popular, and their connectivity and processing power increase, they are attracting more attention from malware writers around the world.

"A big tree attracts the woodsman's axe."
-- English proverb

Computer security experts have predicted since 2009 that viruses (actually "malware", which describes all types of malicious software) will hit smartphones. It appears that 2011 will be the year of smartphone viruses. This hub will go into some detail on how do you get smartphone viruses, what sort of damages can a smartphone virus do, and what you can do to protect yourself.

What Can Happen With a Smartphone Virus / Malware / Trojan

First of all, the proper term is "malware" which describes all sorts of malicious software, not just a virus, or trojan, or logic bomb. Malware describes everything malicious.

Any way, malware can do the following (all are actual cases):

  • Send messages to "premium service" SMS numbers that cost extra money, similar to calling 1-900 or 976 numbers
  • Send your personal information to unknown parties
  • Turn your phone into a part of a botnet so others can execute commands remotely for nefarious purposes, such as spam, DDOS attack, and more.
  • Give others ability to monitor your phone calls and text messages
  • Open you to blackmail, if something embarrassing can be found and sent elsewhere
  • Trick you into entering financial information, such as account number, birth date, and more
  • Even stuff on your PC... if you connect your PC to your smartphone
  • and more...

This is a threat you need to take seriously. And here are some examples.

Android Hacked App Turns Your Phone into a Botnet Zombie

Symantec, a world leader in malware detection and computer security, reports that Android malware is on the rise, and they have just detected a hacked version of the popular "Steamy Window" (February 2011) available through Chinese websites that turns your phone into a botnet zombie. Once your phone had been zombified, hackers can remotely control your phone to:

  • send premium text messages
  • block text messages,
  • add bookmarks,
  • force your browser to visit certain websites
  • and more

iPhone Worm Hacks Jailbroken iPhones into Botnet Zombie

You think only Android phones can be zombified? Sorry, Apple iPhone was first targeted. Symantec reported on this worm in June 2010. If you jailbroke your iPhone, but did not change your default SSH password (easily found on Google) this worm, known as the Ikee Worm, will allow someone to remotely control your phone from afar.

HTC Phone In Europe Was Loaded With Botnet Virus

In March 2010, Panda Research, maker of Panda Anti-virus, found that some HTC phones sold in Spain by Vodafone, was infected with a variant of the Mariposa Botnet. As soon as you connect the phone to a PC, the payload attempts to drop the botnet software onto your PC.

If you do not have an anti-virus on your PC, you may be infected just like that.

iPhones are Vulnerable to Scareware

Intego, the Mac Security Blog, found a Dutch Hacker sending ransomware to iPhones back in November 2009! Technically it's not ransomware, as your phone will work fine. However, this Dutch hacker can remotely scan your phone, reveal your vulnerability, and will send you instructions on how to fix it if you send him $5 Euros. So it's technically scareware, but it's a real threat.

If he can see your phone by remote, what ELSE can he see, one wonders?

Phishing Bank App Steals Account Information

Sophos Internet Security, in January 2010, found that some malware writers were releasing fake bank apps targeting smaller credit unions into Android Marketplace. The clear intent is to steal account information from those customers. Fortunately for the customer she called the credit union for assistance, and the credit union quickly realized they have a phishing scam on their hands, as they do NOT have an Android app!

Stolen Apps Steals Info, Roots Your Phone

Android Police got a tip-off from a reader... There are trojan apps in Android Market that was taken, repackaged with malware droppers, then released into Android Market under a slightly different name. Dozens of such apps were released by this "developer".

The trojan will steal your phone's unique ID and other information, and even execute system-level code through a root-exploit.

This super-trojan has been dubbed "DroidDream", and Google has already pulled all the apps by the developer. Android Police reported that XDA has a special patch that should disable the vulnerability.

iPhone Password Can be Hacked in Six Minutes

Let's say you lost your smartphone. That would be a disaster, as it has all your contact information. If you bank with your phone, even worse! It may have personal information in there!

Okay, you locked it with a password. It's safe, right?

Not quite. Some German researchers broke an iPhone's password (with a computer's help) in six minutes.

Scary, isn't it?

Chinese Phone Tapper/Tracker Arrives as Virus

NetQin Security of China reported that "X Undercover", a cellphone surveillance app that can be spread as an attachment, has infected over 150,000 phones in China. The app can reveal GPS coordinates, turn your 2-way call into 3-way call (i.e. tap your phone call), and more. It is being sold as a way for parents to track their child, boss checking up on subordinates, or jealous husband checking on wife (and vice versa).

Okay, okay, what do I do now?

Did I scare you enough? it is actually not that difficult to secure your phone.

Set a Password or Lock Pattern

While passwords and lock patterns can be hacked, it takes time to hack it. Setting a password will give you time to do some other security measures... such as remote wipe.

Use a Password Manager

LastPass or KeePass can be cross platform and give you security without affecting usability too much. Use a different password for every login would give you far better security. 

Do NOT Lend Your Phone to Any One

Someone can install malware into your phone, whether intentionally or not, while it is in their possession. Yes, that includes your children.

Load a Security Package that includes Scan, Phone Tracker and/or Remote Wipe

If you lost your phone, you need to be able to locate it, and/or remotely wipe it clean so nothing from you can be stolen. (And those apps cost $$$, no way around it). Remember, if they have the phone in their possession, they can hack it.

The Security Package should also update itself and scan for malware threats upon every install.

Do NOT Click on Mail Attachments or Links (unless you're sure)

This is same as PC... Do NOT trust attachments or links, even if they appear to be from legitimate sources, unless you are sure.

Do NOT Download / Install Apps from Unknown Sources

By default iPhones only get apps from iTunes Store, and Android only get apps from Android Marketplace. You have to explicitly bypass those restrictions, and that opens you to vulnerability. There are a LOT of pirated stuff out there, promising free apps, but how do you know what are really in those apps?

(ANDROID) Even if it came from legit sources, have some common sense!

Just because it's on Android Marketplace does NOT mean it's automatically safe and legit. Google does NOT inspect all apps.

The fake apps were distributed through Android Marketplace, but they come from unknown developers. Look for reviews and direct links to Android Market or Appbrain instead of downloading sound-alike apps.

(ANDROID) Check those app permissions!

When you install an app on Android, it asks you for certain permissions. When an app asks for more permissions than it should (the fake Steamy Windows app asks permission for "sending and receiving SMS") you should abort the install.

Beware of Abnormal Phone Behavior

  • Does your phone seem far more sluggish than usual?
  • Did you notice strange charges in your phone bill?
  • Does your battery not last as long as before?
  • Does your internet data usage seem much higher than usual?

Make Backups!

Make backup of all information so you can restore them if you have to.


If you do NOT have a security package loaded, you should get one immediately, and set a password on your smartphone. You may not get hit by smartphone malware, but there is no point in taking chances, is there?

For Android, the big names are already on the Scene

For iPhone security, please refer to this guide from eSecurity

Be safe out there.


    0 of 8192 characters used
    Post Comment
    • kschang profile imageAUTHOR


      5 years ago from San Francisco, CA, USA

      Really, and how do you know this?

    • profile image


      5 years ago

      Yeah right. All someone needs is to know the right things. I haven't downloaded an app or created an Apple ID and right now my phone is compromised again by using certificates and VPN servers all different kinds of ways. I'm locked out of 4 iPhones right now

    • profile image


      6 years ago

      i think virus comes from the most of the free apps or games we download cos we click on agree before we install them it might have gave already access to the virus or malware atm i m using appriva cloud antivirus which is antispyware too i kinda like it and was hoping that you guys give some suggestions too.

    • kschang profile imageAUTHOR


      6 years ago from San Francisco, CA, USA

      Trojans or malware are usually specific to the platform, i.e. a PC virus can't infect and Android phone.

      Furthermore, a phone generally don't try to run any apps on the SD card. Unlike a PC, phones don't have "autoexec" option. :)

    • profile image


      6 years ago

      So let's say you put music onto an SD card and use that SD card on your phone. If there is an infected file, will your phone also be affected by it, or does it only apply for computers? Especially Trojans.

    • profile image


      6 years ago

      This is very interesting

    • kschang profile imageAUTHOR


      6 years ago from San Francisco, CA, USA

      99.5% (my estimate) of malware are spread through fake apps. There are very rare ones that can bypass the OS restrictions through holes that are patched as they are found.

    • profile image

      Alden L. 

      6 years ago

      so basically the only way to get hit with malware is through "apps" and whatever you download(manually) in your emails ie: i right?

    • iain-mars profile image


      7 years ago from United Kingdom

      Great article. I think the danger to smartphone users is even worse than PC users as people are less aware of viruses on their phones! Also with the advent of QR codes sending people to dodgy websites will become more and more common.

    • kschang profile imageAUTHOR


      7 years ago from San Francisco, CA, USA

      @vinner -- that's because the field's still young. Smartphones only gotten popular in the last few years. It can only get WORSE.

    • vinner profile image


      7 years ago from India

      Very useful article friend. But I think virus attack is comparatively less in phones


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)