It did not start as a mistake. It began as something quite ordinary. A friend wanted to download a game that was not available on the Play Store, so he did what many people do, he downloaded it from a random website. In cybersecurity, the practice of installing apps outside official app stores is known as sideloading. At the time, it seemed harmless. It was just another app, another normal decision made with no second thought.
Not long after installing it, the phone began acting weirdly. The browser started redirecting to unknown and insecure websites, often interfering with regular use with waves of ads and unwanted pop-ups appearing as important alerts. Other times, the phone’s sound would abruptly stop, and the network connection would disappear entirely. This continued, recurring frequently enough to create a pattern that was impossible to ignore. Except for that one malicious app, nothing had changed on the phone, and it was anticipated that the issue would stop once it was uninstalled. It didn’t, instead the disruption become more frequent rendering the phone impossible to use. He followed the steps that most individuals would take.
Phone scans were conducted. Security tools were installed. Antivirus scans were completed. Each scan stated that everything was fine, but the disruptions and redirects to insecure websites persisted. Whatever had taken control of the phone was evidently intended to function silently and avoiding detection by antivirus software.
After all attempts to get this disruption to stop were ineffective, it seems the only option left is factory reset of the device. The most difficult decision occurred when he began considering his data, pictures and personal documents that were kept on the device, so backing them up felt like a sensible step. However, reluctance set in. If this wasn’t just a malicious software, but something more serious such as malware, a worm, or a program meant to propagate silently, backing up may result in the problem being carried over to another device. Connecting the phone to a laptop suddenly felt unsafe, due to the fear of unintentionally transferring this possible virus or whatever it is to his PC.
In the end, he decided to proceed with caution. The phone was entirely wiped. There was no backup or recovery.
Everything was lost, including photos, videos, documents, and memories. The phone was finally cleaned, but the cost was high. It wasn’t an easy decision, but it seemed like the only reasonable one.
At that point, securing other devices and preventing further harm were more important than protecting what was already at risk. Looking back, the explanation is rather simple. The app most likely carried malicious code, functioning much like a Trojan horse, appearing harmless on the surface while it secretly performs malicious actions. What my friend downloaded is not an obvious type of virus or worm that download his data instantly, but a malware meant to hijack browsers, interact secretly with unknown servers, interfere with critical system processes and redirects to malicious download sites probably with the intention of installing more malicious apps.
What stands out the most about this security incident is how simply it occurred. A single, casual download set everything in motion. This is by no means a unique experience, and it is not limited to mobile phones. Across Nigeria, people frequently download apps and software from unknown websites. On phones, this is frequently due to an app not being available locally or because a free version appears to be more convenient. On computers, it is cracked software, cost of purchasing software license, pirated games, or installers that are casually distributed via flash drives and through other social media platforms. It is worthy to note that phones and computers are no longer that different. Both now save emails, banking apps, documents, images, and personal information. A compromised laptop can propagate malware via shared files, USB drives, or office networks, whereas a compromised phone might discreetly reveal far more than many people realize. What occurred to that phone could easily happen to a PC, with potentially more serious implications. Although no money was lost in this case, data, time, and peace of mind were all lost. The lesson was delivered not through a dramatic cyberattack, but rather through everyday convenience and a moment of misguided trust.
We frequently view cyber threats as organized crime groups employing sophisticated strategies, but in truth, some of the most significant breaches stem from simple decisions, the app downloaded in a rush, the application or software downloaded outside of official stores, and granting permissions during installation without a thought if the requested permission is needed for full app experience.
In a world where our smartphones increasingly carry our private information, every download is a decision, and sometimes the safest option is to pause and think before clicking. Adeyemi Adesola is a certified cybersecurity specialist dedicated to raising security awareness and education across Africa, empowering organizations to defend against evolving cyber threats.
Adesola, Email: contact@yemiadesola.com
