You might have experienced this: You’re browsing the web on your phone and a pop-up window appears on the screen, claiming you’ve won a prize or that you have a virus and you need to call a tech support number. Or maybe they’re just annoying pop-up ads that won’t go away. What gives? Has your phone been hacked or infected with malware?
Though it’s possible that your phone has been hacked, it’s unlikely this would cause a rash of popups. Most people would never know their phone has been hacked until they see evidence of their personal data being made use of, such as charges to their bank account or new lines of credit opened in their name. This is because a hacker will run a script to scan the phone for user data and collect that without showing any evidence of having done so. The longer you’re in the dark, the more time the hacker has to use your data.
However, there are several other reasons for an unasked-for window pops up on your phone. And yes, some of them are malicious. Here’s how to stop them.
Fake virus alerts
Shut down the browser window or tab. Be wary of popups or bad ads that may have fake buttons that resemble the usual close button – if clicked, you could end up downloading malware. It’s best to avoid interacting with the alert at all.
Alternately, if your browser isn’t locked up, you can simply navigate away from the site, by tapping in a new URL in the toolbar. If you still get the alert, check what webpage you were browsing and consider avoiding it for a while – it may have been hacked in order to push these malicious alerts.
How to prevent fake virus alerts
You can prevent these alerts from occurring in the first place by turning on popup blockers in your browser.
On Android, open Chrome and head to Settings > Site (or Content) Settings > Block Pop-ups.
For iPhone users, open iOS Settings > Safari and toggle on Block Pop-ups and also toggle on Fraudulent Website Warning.
Hijacking websites via malicious advertising
Unfortunately, there’s also a chance that pop-up you saw is part of a trend for ‘malvertising’ – where malware makes it into ad networks and are distributed among the network’s myriad sites.
Even reputable sites, such as the New York Times and BBC, can be hijacked through ads without site admins realizing it. Hijacked sites may also redirect you to webpages you never clicked on or even install malware through drive-by downloads. These pop-ups and misdirects can continue to plague your browsing experience on that site (and other sites that use the same ad network) until the malicious advertiser is removed from the network.
Over the last decade, we’ve spotted this issue on Techlicious a couple of times. We quickly contacted the associated ad network and were able to have the ads removed quickly.
What to do when you browse to a hijacked website
- First, make sure you never enter any information asked for in a popup, or a website that you didn’t specifically navigate to.
- Shut down your browser if the popups that redirect your to another site keep happening
On iOS, half swipe up on your iOS device (or double tap your Home button) to see all open apps, then slide your browser app away.
On Android, tap the rightmost square to see all open apps, then flick away the browser app.
Always keep your web browser updated. Regular updates often contain security patches that address vulnerabilities exploited by malvertising campaigns.
Adware infection
If your smartphone browser continues to pop up alerts despite taking the above precautions, it’s possible your phone is already infected with a type of malware called adware. Adware causes advertisements to pop up on the infected phone, forcing users to view particular pages that earn revenue based on clicks. It can also pop up advertisements for downloadable content such as games, which, if installed, can have even greater consequences for users’ data and finances.
Malware can land on phones through downloading bad apps or by surfing to a website compromised by ‘drive-by downloads’ that allow malware to install itself on a user’s device without the user having clicked on anything.
How to remove adware infection
To rid your Android phone of malware, the easiest way is to run an antivirus scan with one of our recommended mobile security apps, such as Avast, Bitdefender, Norton, McAfee, and AVG.
If using a mobile security app to remove the adware doesn’t sort out your pop-up problem, you may need to do a factory reset that will clear your phone of all data – including the problematic app and malware. Make sure your data is backed up before your reset your phone.
How to factory reset your phone
To reset your iPhone, head to Settings > General > Reset and then select Erase All Content and Settings.
To reset your Android phone, head to Settings > System > Reset Options > Erase all data.
Once you’re cleared, you can focus on prevention: always update your browser and your smartphone OS. Updates usually patch vulnerabilities that can be exploited by malware.
We hope these tips have been helpful in your business. Please let us know if you have any questions about your IT environment or how to secure it from outside cyber threats. We are here for you! Contact us at (732) 780-8615 or email at [email protected].
Natasha Stokes, Excerpt from “Does a Pop-up Mean Your Phone Has Been Hacked?”, techlicious.com, August 14th, 2024