Is your computer secretly mining for bitcoins?
Andy, also known as AndY and Andyroid, is an emulator that makes it possible to run Android software on other types of operating systems. The malware is believed to be associated with it; hence the name.
The Andy emulator for Android works on Windows 10, Windows 8 and Windows 7, plus Ubuntu 14.04+ and Mac OS X 10.8+. Any of these operating systems can be impacted.
What Is the Andyroid Virus?
The AndY virus is trojan malware that secretly mines for bitcoins using your computer. Bitcoins, also called cryptocoins, are a digital currency that can be used to purchase a wide variety of items.
How Does the Andy Virus Work?
Bitcoin mining is a resource-intensive process, so hackers (not legitimate bitcoin miners) who seek to make money with bitcoins will attempt to use any computer they can to help in the process. This is the gist of how the Andyroid virus works: It infiltrates a victim’s computer in order to take advantage of its resources and look for bitcoins. Aside from sucking great amounts of your computer’s resources, it doesn’t typically cause much harm.
Gamers are targets of choice for bitcoin mining hackers because they typically have systems with highly capable graphics processing units (GPUs) or video cards. These are favored by hackers because they can process mining much faster than other kinds of computer systems. Don’t be complacent if you’re not a gamer, though, because hackers will use any system they can to mine.
How Do I Know If I Have This Virus?
You’ll most likely notice that your computer is running painfully slow. The mining process can also cause your computer to overheat and you might see excessively high power usage even when you don’t have any programs open.
You might also see an application error pop-up window for updater.exe.
How Did I Get the Andyroid Virus?
It’s important to differentiate Andy the emulator from Andy the potential threat. The emulator program itself is hugely popular and highly recommended by many experts.
The problem first came to light around 2016 when some users began to report that Symantec antivirus programs were removing the Andy program as a threat. Not long after that, a Reddit user reported that installation of the Andy program on his system also installed a GPU miner Trojan, potentially through an adware bundler. According to the Reddit user, the miner was installed as C:\Program Files (x86)\Updater\updater.exe. When launched, that .exe file used up the GPU. The user’s findings have been confirmed by others.
It appears, then, that installation of the Andy emulator, which uses a third-party installer, is the source of the Trojan. The creators of Andy, however, deny that their software is the source of the virus, so it could be that the installer is the true source.
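A read-only triage check for the file location reported above, added here as an example (it is not from the original article or from Andy's developers). The path is the one the Reddit user reported; the Run keys and scheduled tasks it inspects are assumed autostart locations, since the article does not say how the miner is launched.

```powershell
# Added example. The path is the one reported in the article; the autostart
# locations are an assumption (the article does not say how the miner starts).
$MinerPath = 'C:\Program Files (x86)\Updater\updater.exe'

function Test-Mentions([object]$Text, [string]$Needle) {
    # Case-insensitive literal substring match (no wildcard or regex handling).
    ($Text -is [string]) -and
        ($Text.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0)
}

function Get-UpdaterTriage {
    param([string]$Path = $MinerPath)
    $r = [ordered]@{
        Path = $Path; FileExists = (Test-Path -LiteralPath $Path -PathType Leaf)
        SHA256 = $null; Signature = $null; Signer = $null
        RunningPids = @(); RunKeyEntries = @(); ScheduledTasks = @()
    }
    if ($r.FileExists) {
        $r.SHA256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $r.Signature = [string]$sig.Status
        if ($sig.SignerCertificate) { $r.Signer = $sig.SignerCertificate.Subject }
    }
    # Running processes whose image is the reported file. Path is empty for
    # processes the current user cannot inspect.
    $r.RunningPids = @(Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -eq $Path } | ForEach-Object { $_.Id })
    # Per-machine and per-user Run keys.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($p in $item.PSObject.Properties) {
            if (Test-Mentions $p.Value $Path) { $r.RunKeyEntries += "$key -> $($p.Name)" }
        }
    }
    # Scheduled tasks (the cmdlet is absent on Windows 7, hence the guard).
    if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
        $r.ScheduledTasks = @(Get-ScheduledTask -ErrorAction SilentlyContinue |
            Where-Object { $_.Actions | Where-Object { Test-Mentions $_.Execute $Path } } |
            ForEach-Object { $_.TaskPath + $_.TaskName })
    }
    [pscustomobject]$r
}

Get-UpdaterTriage | Format-List
```

Run it from an elevated PowerShell prompt so that processes owned by other accounts are visible; it only reads and removes nothing.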
How Do I Get Rid of This Virus?
The most effective way to remove malware like the Andy virus is to use a strong antivirus software program that can tackle all kinds of threats. A good antivirus can thoroughly remove the Andyroid virus but it can take several hours to do so. You can try other methods, too.
It might be possible to manually remove the Andy virus by uninstalling specific apps relating to it. Both Windows and macOS have clear ways to uninstall apps you no longer want to use.
Once the suspected program is removed, run your antivirus software again to see if the warning still appears.
This manual process is not always easy to perform since trojans can infect multiple programs; removal of a single program might not eliminate the problem.
If your antivirus is still triggering a detection warning, you might have a persistent malware infection. This means the virus will keep returning. You can try removing the virus without using an antivirus application but, most of the time, both antivirus and anti-malware will be needed to remove these types of infections.
If nothing seems to work and your antivirus is still giving you a warning, then it might be time to try System Restore to return to an earlier point on your computer before you picked up the Andyroid virus. Be sure to select a period of time where you know you definitely didn’t already have the virus on your computer.
A system restore means you will lose any files and documents you have created or updated since you acquired the virus. However, trojans are notorious for re-infecting systems so it might be your only option if nothing else is working. Try this as your last resort.
How Do I Avoid Getting a Computer Virus?
There are a couple of key ways in which you can lower your chances of being re-infected with the Andy virus (or any other malicious program).
- Keep your antivirus software and malware protection up-to-date. New virus definitions are released regularly to keep your PC informed on what to look for with the latest virus and malware-based threats. When you don’t update, you risk obtaining a virus that could have easily been caught through an antivirus update.
- Watch carefully when downloading new programs. Always verify the legitimacy of the source of the programs and apps you download. Even reputable sites will bundle in extra add-ons that you don’t require, such as the updater.exe file in Andyroid, so stay vigilant.
- Block PUPs. Be sure to turn on the option to detect Potentially Unwanted Programs in your antivirus software. That helps you avoid accidentally installing add-ons that you don’t want.
- Don’t click those pop-up ads. If a site deluges you with pop-up ads, leave it immediately.
You may be asking yourself, what if I have a cell phone virus and what is it anyway? You know you keep a lot of precious, valuable data on your phone, and when you hear in the news that mobile threats are on the rise, it’s easy to lose sight of the context behind the numbers and worry that you’ve gotten a dreaded mobile phone virus that’s going to steal your personal info and eat your children. Hopefully we can clarify things by addressing some of the questions that we hear most about so-called Android “viruses.”
Is there really such a thing as an Android virus?
Historically carried over from the old PC world, a “virus” is a program that replicates itself by attaching to another program. Hackers often used this method to spread their nefarious work, and virus became a popular term to refer to all types of malicious software (malware) on computers. In the case of smartphones, to date we have not seen malware that replicates itself like a PC virus can, and specifically on Android this does not exist, so technically there are no Android viruses. However, there are many other types of Android malware. Most people think of any malicious software as a virus, even though it is technically inaccurate.
So what is Android malware?
Malware, short for malicious software, is software designed to secretly control a device, steal private information or money from the device’s owner. Malware has been used to steal passwords and account numbers from mobile phones, put false charges on user accounts and even track a user’s location and activity without their knowledge. Learn about some of the most notable malware Lookout has blocked in Resources Top Threats.
How would I get malware on my phone?
Through Lookout’s research for the State of Mobile Security 2012, we’ve found that user behavior and geography greatly influence your risk of encountering malware. The safest bet is to stick with downloading well-known apps from reputable markets like Google Play in addition to having a security app. Fraudsters make it their job to disguise malware as innocent-looking mobile apps on app stores and websites. So if you’re thinking that it’s a good idea to download a just-published, supposedly free version of Angry Birds you found on a random Chinese app store, it’s probably not. Once installed, these apps may appear to work just as described, but they can be busy with additional secret tasks. Some apps start out clean, but are given malicious capabilities after a seemingly routine software update.
And conscientious app downloading won’t always minimize your risk. Sneaky, drive-by-download sites can download a potentially malicious app file without any user intervention. Safe Browsing in Lookout Premium for Android will block web-based threats like that, but even so, you also shouldn’t install random downloads from your download manager that you didn’t expect to find there.
How can I protect myself and my mobile device?
It’s pretty simple to minimize the risk of encountering malware, and we’ve got 5 simple mobile security tips right here. The top two ways to protect yourself are to download a mobile security app like Lookout to catch those pesky “phone viruses” and to be judicious about what apps you download and where you download them from. Lookout will scour your phone or tablet for any existing malware, and also examine every new app you download to ensure it is safe. But even before you let Lookout scan your newly downloaded app, you should only download apps from sites you trust, check the ratings and read reviews to make sure they’re widely used and respected.
So, should you worry about getting a phone virus? Nope, because they technically don’t exist. (If they ever do crop up, Lookout will weed them out.) And should you worry about the more accurately termed malware? Well, with a little bit of awareness and Lookout on your phone and by your side, you can keep malware and other mobile threats at bay.
Does My Android Phone Have a Virus?
Many times, when people think they have an Android virus, it’s actually something more docile.
Suppose your Android phone crashes every time it starts up. Or maybe you can’t download apps from the Play Store. These are not necessarily caused by a virus. So don’t panic! Check our list of common Android problems and how to fix them. If none of those tips fix your issue, ask yourself a few questions:
- Did the problem start happening after you downloaded some app or file?
- Have you recently sideloaded an app from a third-party source (outside the Play Store)?
- Did you tap on an ad that downloaded a file or app you didn’t want?
- Does the problem occur only when you run a particular app?
If the answer to any of the above is yes, there’s a chance you have malware on your system. Thankfully, you might be able to fix it without a factory reset.
How to Stay Safe From Android Viruses
Google Play Protect is now part of all Android devices. It’s a built-in Android security measure that scans the apps on your device and checks for harmful ones. No matter where you install apps from, Play Protect looks through them. This means you essentially already have an antivirus built into your phone.
If you only install apps from Google Play, the chances of you picking up a phone virus are slim to none. Google scans all apps added to Google Play for malicious behavior and removes offenders. While some slip through the cracks, you’re very unlikely to install a virus app from the Play Store.
Installing from other sources is entirely different. Recently, apps downloaded from the third-party app store 9Apps proved to be the source of the Agent Smith malware. Downloading apps from random websites, especially “cracked” apps (paid offerings illegally provided for free), is a great way to pick up malware. If you choose to sideload apps, make certain that you trust the location you download them from.
However, this doesn’t mean every app on Google Play is beneficial. Scam apps might take your money for nothing, and many free apps abuse phone permissions to steal your data. But those are separate concerns from Android viruses.
Like on other platforms, common sense will help you avoid a virus. Don’t download from shady websites, try to avoid tapping on ads, and keep an eye on app permissions.