What’s a possible sign of malware? 11 red flags to watch for


Malware, short for malicious software, is one of the most widespread risks on the internet. It can cause sluggish performance, display pop-ups that pester you non-stop, or even lead to serious consequences like data theft, system crashes, or the complete loss of important files.

This guide will show you how to identify 11 malware warning signs, how to remove malware from your device, and how to strengthen your device security to avoid repeated infections.

What is malware?

Malware is an umbrella term for any program, script, or code intentionally designed to damage devices or steal data. It can lurk in fake applications, suspicious downloads, or email attachments you thought were safe. Once in your system, it can do serious harm.

There are many types of malware, but the most common ones include:

  • Viruses: These attach themselves to files or applications and spread when you run the infected item (or the host file).
  • Worms: Self-replicating programs that spread across networks without user action, often slowing down systems or consuming bandwidth.
  • Trojans: Gain access to or control of your system using malicious code disguised as legitimate software.
  • Spyware: Secretly monitors your activity—like keystrokes, messages, or browsing habits—to steal personal or financial data.
  • Ransomware: Encrypts your files or locks your system, then demands payment in exchange for restored access.
  • Adware: Bombards you with unwanted ads or pop-ups, often tracking your behavior to display targeted promotions.
  • Rootkit: Hides deep in your system to avoid detection and allow attackers to remotely control your device.

Malware can fall into more than one category—some threats combine traits from several of these types.

It’s also worth noting that modern malware doesn’t just infect your computer or phone—increasingly, malware also targets devices such as routers and smart home (IoT) devices.

How does malware infect your device?

Malware can infect your device through multiple channels, often relying on social engineering tricks to succeed. Understanding what these channels are and how they work can help you avoid getting infected in the first place. Here are some of the most common ways malware finds its way onto computers and mobile devices:

Fake software or unauthorized downloads

One of the most common ways devices get infected is when you download something (like a video, a picture, or a program) from an unverified source. For example, you might try to download a free tool and end up with something harmful. Even legitimate-looking apps from third-party stores can hide malicious features—and sometimes, malicious apps slip through reviews in official app stores, too.

Drive-by downloads

Sometimes, just visiting a compromised or fake website can cause a drive-by download, where the site automatically tries to install malware on your device. This is especially successful if your system or browser is out of date.

Malicious links and email attachments

Cybercriminals often use emails, texts, or DMs to send attachments or links that trigger malware when opened. For example, you might get an email that looks legitimate but has an infected attachment (like a fake invoice PDF), a link that, when clicked, downloads malware, or even a QR code that, once scanned, initiates a malware download.

Malicious ads and pop-ups

Some ads hide code that forces your system to download malware as soon as you click. You might think you’re dealing with a harmless advertisement, but behind the scenes, a script can start installing damaging files.

Software vulnerabilities

Outdated software (including your operating system, browser, or other apps) may have security holes. Attackers can exploit these vulnerabilities to inject malware into your system—sometimes without you even clicking anything. For instance, worms can spread across networks by exploiting unpatched flaws.

Mobile app downloads

On smartphones, installing apps from outside the official app store (for example, downloading Android APKs from random sites or jailbreaking your iPhone to install unauthorized apps) can expose you to malware. And as already mentioned, even in official stores, malicious apps sometimes slip through reviews by posing as harmless tools or games.

Most common signs of malware infection

At this point, you may be wondering how to tell if your device is infected or what a possible sign of malware is. Here are 11 symptoms to watch for—and why they happen.

1. Your device is running slower than usual

A sluggish system is one of the most common signs of malware infection. Many malicious programs hog your system’s resources and use up processing power by scanning your files or downloading harmful updates in the background. If your device used to be snappy but has become sluggish—even without new software installs—malware might be to blame.

What it looks like: You might notice everything takes longer: Programs load slowly, web pages stall, typing lags, or your entire system might feel sluggish and unresponsive. Although non-malware issues (like low storage) can cause this, persistent, unexplained slowness points to malware. On phones, battery stats might reveal unknown apps draining power in the background. If switching windows is choppy, investigate a possible infection.

2. Unexpected freezing or crashing

It can be annoying when your laptop or phone locks up randomly. A sudden crash might point to a hardware issue—but it can also be a malware warning sign you shouldn’t ignore. Malware can conflict with system processes, corrupt critical files, or run code that overloads your device.

What it looks like: Your device might lock up without warning, forcing you to do a hard reset. You might see the infamous blue screen of death on Windows, while on a Mac you might get repeated spinning beach balls and forced reboots. Everyday apps might suddenly close on their own or show error messages. If this behavior happens regularly (and isn’t tied to, say, a specific app that is known to be buggy), malware could be causing system instability.

3. Increased data usage without explanation

Malware can cause a spike in bandwidth—even if you’re not streaming or downloading anything. Some malware connects to external servers to download more harmful files or send stolen data to attackers.

What it looks like: Let’s say you have a 5GB mobile plan you rarely max out, but suddenly, you hit your limit without changing your habits. Or your internet usage spikes overnight while your PC is idle. On phones, an unknown app might be using large amounts of data. On computers, your router’s activity lights might blink constantly, even when you’re not online. If there’s no obvious reason for the spike, malware might be quietly using your connection in the background.

4. Annoying pop-ups and unwanted ads

Pop-ups are a huge nuisance—and a classic sign of malware. If you’re seeing nonstop windows urging you to click, buy, or install shady tools, even on websites that normally don’t show pop-ups, it’s likely adware. This can hijack your browser, clutter your screen, and potentially inject more harmful files if you click the ads by mistake.

What it looks like: You might be doing nothing in particular, and suddenly a random ad window appears saying, “Congratulations, you’ve won!” or prompting you to download some software. Perhaps every time you search the web, you get extra ads or are redirected to different sites. You may also see fake warning messages like “Your computer is infected; click here to scan,” which are scareware tactics. These are classic malware warning signs.

5. Suspicious messages sent from your account

Have friends or coworkers told you they received strange emails or social media messages from you? Maybe the messages included sketchy links or even asked for money. That’s a major sign your device, or at least your login credentials, may be compromised.

What it looks like: You might discover an outbox full of emails you didn’t write or get replies like “Is this really you?” from friends who got a strange message from your profile. On SMS or messaging apps, your contacts might ask why you sent them a link to a bizarre website. Often, the messages contain malware links and a generic, tempting text like, “OMG, look at this photo of you!” or something similar you wouldn’t normally say.

6. Unknown apps or files appearing on your device

Hackers sometimes bundle malicious code with what looks like harmless software. Once installed, the hidden code can install even more harmful files in the background. Seeing apps or programs you didn’t install is a warning sign you shouldn’t ignore.

What it looks like: You open your Start menu and see a program you don’t recall installing. A suspicious app icon appears on your phone, or unknown files fill your storage. Some malware installs extra tools or clones itself under different names. If unfamiliar software or files appear out of nowhere, consider a possible infection.

7. Your browser’s homepage or search engine suddenly changes

Browser hijackers specialize in messing with your web settings. You might open your browser and find a shady search engine or a fake ‘security’ page as your new homepage. These modifications often help criminals earn referral fees or lead you to phishing pages.

What it looks like: You open your usual browser, and instead of your usual start page, you see an unfamiliar search page or a spammy site. When you try to search, the results might come from a search engine you’ve never heard of, and the page is filled with extra ads. You may attempt to change your settings back but find that the changes revert or you’re unable to remove the new default homepage. This type of malware often comes bundled with fake toolbars or hides in other software installs.

8. Frequent website redirects to suspicious pages

Unlike a hijacked homepage, these redirects happen after you click a normal link. Instead of reaching the site you wanted, you land on a spammy domain or a site urging you to install random software. This tactic can gather your personal data or install additional dangerous scripts.

What it looks like: You might experience something like this: you attempt to go to a known site (say, a news site or an online store), and instead of getting there directly, the browser opens new tabs or windows sending you to odd domains—perhaps showing a fake warning (“You have a virus!”) or telling you to download some software. Sometimes, a single click opens two or three extra tabs full of ads. Frequent redirects like these usually point to a malicious plugin or a DNS hijack.

9. System tools and security features are disabled

Some infections turn off built-in security items, such as Windows Defender or other protective software. Others block tools like Task Manager to hide what they’re doing. They might also remove or disable third-party antivirus utilities.

What it looks like: Your antivirus won’t open, or it shuts down right after launching. Windows Defender or the firewall might be off and won’t turn back on. Task Manager or Command Prompt could be disabled or close instantly. Some malware blocks Windows updates to avoid detection. On phones, you might be unable to install apps or notice changed security settings. If your usual security tools are disabled or glitchy for no clear reason, malware could be the cause.

10. Important files are missing or encrypted

Ransomware can lock you out of your files, then demand payment for a decryption key. If you see file extensions you don’t recognize, or you click a file only to see a ransom note, you’re dealing with a crisis scenario.

What it looks like: You may notice an empty folder or missing photos. With ransomware, files might appear but be renamed (e.g., file.jpg.locked) or garbled and won’t open. New files with ransom instructions (like README_ENCRYPTED.TXT) may also appear. Confirm it’s not a user error, such as accidental deletion. If files are truly missing or clearly encrypted, there’s a strong chance malware is involved.
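
A read-only check for the naming pattern described above, as an added example that is not part of the original article: it flags files with an extra suffix appended to a normal document or image extension (as in file.jpg.locked) and ransom-note-style names (as in README_ENCRYPTED.TXT). The extension lists, the note pattern, the threshold of three files, and the sample folder are assumptions constructed for illustration.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: extensions that normally hold user data and should be a file's last suffix.
DATA_EXTS = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".xls", ".xlsx"}
# Assumption: outer suffixes that legitimately sit on top of a data extension.
BENIGN_OUTER = {".bak", ".zip", ".gz", ".part", ".tmp"}
# Assumption: ransom-note heuristic modelled on README_ENCRYPTED.TXT from the text.
NOTE_RE = re.compile(r"(encrypt|decrypt|recover|restore|ransom).*\.(txt|html?|hta)$", re.I)


def classify(path):
    """Return 'renamed', 'note', or None for one file name (the file is never opened)."""
    suffixes = [s.lower() for s in path.suffixes]
    if (len(suffixes) >= 2 and suffixes[-2] in DATA_EXTS
            and suffixes[-1] not in DATA_EXTS | BENIGN_OUTER):
        return "renamed"            # e.g. file.jpg.locked
    if NOTE_RE.search(path.name):
        return "note"               # e.g. README_ENCRYPTED.TXT
    return None


def scan(root, min_renamed=3):
    """Walk root read-only and summarise ransomware-style naming indicators."""
    appended, notes, total = Counter(), [], 0
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        total += 1
        kind = classify(p)
        if kind == "renamed":
            appended[p.suffix.lower()] += 1
        elif kind == "note":
            notes.append(p.name)
    top_ext, top_count = appended.most_common(1)[0] if appended else (None, 0)
    # One appended suffix shared by many files, or any renamed file next to a note,
    # is the pattern; a single odd file is more likely user error.
    suspicious = top_count >= min_renamed or (top_count > 0 and bool(notes))
    return {"total": total, "appended_ext": top_ext, "renamed": top_count,
            "notes": sorted(notes), "suspicious": suspicious}


def demo():
    """Build a constructed folder in a temp dir and scan it."""
    names = ["holiday.jpg.locked", "tax.pdf.locked", "cv.docx.locked",
             "README_ENCRYPTED.TXT", "notes.txt", "old.jpg.bak", "photo.png"]
    with tempfile.TemporaryDirectory() as tmp:
        for n in names:
            (Path(tmp) / n).write_text("constructed sample")
        return scan(tmp)


if __name__ == "__main__":
    print(demo())
```

Point `scan()` at a real folder such as Documents or Pictures to run the same check; it only reads file names, so it is safe to run before deciding on removal steps.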

11. Your device’s fan is loud or battery drains quickly

Unusual fan noise or battery drain often means malware is running in the background. Some malicious code consumes so many resources that your device overheats. Crypto miners, for example, are notorious for this.

What it looks like: Your laptop’s fan runs loudly with no apps open, or the device feels unusually hot. On phones, the battery drains fast—even on standby—or the phone stays warm during light use. A sudden drop in battery life (for example, from 100% to 40%) or a consistently high temperature isn’t normal. Check your Task Manager or Activity Monitor for unknown processes using 90%–100% CPU.
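
To separate a momentary spike from the sustained load a crypto miner produces, the sketch below (an added example, not from the original article) compares several process snapshots and reports only unrecognised processes that stay at or above 90% CPU in every one. The snapshot rows, process names, PIDs, and the list of known processes are constructed for illustration.

```python
from collections import defaultdict

CPU_THRESHOLD = 90.0  # lower bound of the 90%-100% range named in the text
# Assumption: process names the device owner recognises and expects to be busy at times.
KNOWN = {"chrome", "backupd"}

# Constructed snapshots ("PID CPU% NAME" rows), e.g. noted down a minute apart.
SNAPSHOTS = [
    """PID  CPU%  NAME
       1201 95.0  chrome
       4312 98.2  sysupd-helper
        877 12.0  backupd""",
    """PID  CPU%  NAME
       1201  8.3  chrome
       4312 97.5  sysupd-helper
        877 93.0  backupd""",
    """PID  CPU%  NAME
       1201  5.1  chrome
       4312 99.0  sysupd-helper
       5120 91.4  indexer""",
]


def parse_snapshot(text):
    """Parse one snapshot into {(pid, name): cpu_percent}, skipping header or bad rows."""
    rows = {}
    for line in text.strip().splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        try:
            rows[(int(parts[0]), parts[2].strip())] = float(parts[1])
        except ValueError:
            continue
    return rows


def sustained_unknown(snapshots, threshold=CPU_THRESHOLD, known=KNOWN):
    """Return (pid, name) pairs at or above threshold in every snapshot and not in known."""
    parsed = [parse_snapshot(s) for s in snapshots]
    hits = defaultdict(int)
    for snap in parsed:
        for key, cpu in snap.items():
            if cpu >= threshold:
                hits[key] += 1
    return sorted((pid, name) for (pid, name), n in hits.items()
                  if n == len(parsed) and name.lower() not in known)


if __name__ == "__main__":
    print(sustained_unknown(SNAPSHOTS))
```

A single snapshot over-reports: the last one alone would also list the constructed `indexer` process, which is why the check requires the load to persist across all samples.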

How to remove malware from your device

If you spot signs of malware, act quickly. Removing it early can prevent further damage and restore peace of mind. Here’s a step-by-step guide to removing malware from your device.

Step 1: Disconnect from the internet

First, unplug your device from any network or switch off your Wi-Fi. This prevents malware from downloading more harmful files or spreading to other devices on your network. Some malware needs an internet connection to do more damage—disconnecting stops those scripts in their tracks.

Tip: If you think your router might be infected too, unplug it or power it down to be safe. That way, you know you’re fully offline.

Step 2: Boot in safe mode

Safe mode starts your device with only essential functions, stopping most malware from running and helping you spot suspicious files. Each operating system has its own steps to enter safe mode:

Note: These instructions use the Start Menu method on Windows 11, which is one of the easiest ways to enter Safe Mode.

  1. Open Start Menu and click Power. Then, hold Shift and click Restart.
  2. Wait for the system to reboot. In the Recovery Menu, click Troubleshoot. Choose Advanced options.
  3. In Advanced options, select Startup Settings, then click Restart.
  4. After the computer restarts, you’ll see a list of options. Press 4 or F4 to start Windows in Safe Mode. If you need internet access, press 5 to start in Safe Mode with Networking.

On a Mac, you can start in Safe Boot by holding the Shift key while powering on. On Android, hold the power button, then tap and hold Power off to reboot into safe mode. Specific steps can vary by device manufacturer.

Step 3: Run a trusted antivirus or anti-malware scan

While in safe mode, run a full scan with a reputable antivirus. Make sure it’s updated to the latest virus definitions, then check your entire system.

The scan will detect threats like viruses, trojans, or spyware, offering to quarantine or remove them. Follow on-screen prompts to clear any issues.

Once you’ve quarantined or deleted all files flagged by the antivirus, reboot your computer and run another scan. If any threats remain, repeat the process until the scan returns zero results.

Step 4: Remove suspicious programs and extensions manually

Antivirus software should handle the majority of malware, but it’s wise to manually check for any suspicious programs or browser extensions that might be lingering. Look for odd names or software you don’t recall installing. Uninstall anything suspicious.

Then, open your browser and remove any extensions or toolbars you didn’t add yourself. Next, clear your temporary files and cache.

After removing suspicious programs and extensions, empty your recycle bin. You don’t want to accidentally restore malicious files from the recycle bin later.

Step 5: Restore or reset your system (if necessary)

In most cases, antivirus scans and manual removal will clean an infected device. If the malware persists—or if it’s a deeply embedded rootkit or ransomware—you may need a system restore. This reverts your OS to a snapshot from before the infection. If that fails, a full factory reset wipes everything and returns your device to default settings.

After restoring or resetting, re-run antivirus scans to confirm the device is clean. If anything suspicious reappears, remove it immediately and stay offline until your system is secure.

How to prevent future malware infections

Spotting malware symptoms is important—but it’s even better to prevent threats from reaching your device in the first place. Here are several ways to protect your system.

Use multiple security tools

A strong defense goes beyond just antivirus software. Try a multi-layered approach, including:

  • Your device’s built-in security features. Enable your device’s firewall (e.g., Windows Defender Firewall or Mac’s security features) to block unauthorized access.
  • Strong passwords or passphrases that reduce the odds of brute-force attacks.
  • A VPN to encrypt your traffic and shield you from certain types of data interception. ExpressVPN, for example, has additional features that can help you avoid malware infections, such as Threat Manager, which blocks trackers and malicious websites, and ExpressVPN Keys, a password manager that makes creating and managing strong passwords much, much easier.

Keep your software and OS updated

Software updates frequently include patches that close security holes. Once a patch is released, attackers often target systems that haven’t updated yet. Running outdated apps or operating systems places you at greater risk.

Turn on automatic updates for your OS, your browser, and other critical software. Doing that lets you receive crucial fixes as soon as possible. You can also enable update prompts for your antivirus solutions so they always have the latest threat definitions.

Avoid clicking on suspicious links or attachments

Most infections still rely on user action. A risky link in your inbox can pave the way for trojans or viruses. Be cautious with unexpected emails—especially ones pushing you to download an attachment or click a link immediately. Also, avoid shortened links when possible—you can’t see where they lead until after you click.

Regularly back up your important data

Backing up is a major safety net. If you do get infected by ransomware or a file-damaging threat, you can restore your device to a normal state from a clean backup. Back up regularly, using more than one location—like an external drive and a cloud service—so you always have a clean copy. Once you confirm your system is clean, store a fresh backup. That way, you’ll avoid saving infected files.

Stay safe from malware threats by staying alert

Malware constantly evolves, but that doesn’t mean you have to be at its mercy. Alertness can make a big difference. Regular scans, safe browsing, and prompt updates are all part of a wise security plan.

Smart habits go a long way—but the right tools make staying safe much easier. A dependable antivirus for malware removal catches suspicious items early, and a VPN keeps certain traffic away from intruders and increases your overall privacy. Together, these efforts make your device much more resilient against evolving threats.


After a decade working in corporate law and five years teaching at University, Chantelle now enjoys freelance life writing about law, cybersecurity, online privacy, and digital freedom for major cybersecurity and online privacy brands. She is particularly interested in the interplay between these digital issues and the law.