Amer Owaida, Security Writer at ESET, explains how to spot the signs of a hacked phone and how to remove the hacker from your phone if your smartphone has been compromised by malware.
With the dawn of the Android and iOS operating systems, phones have evolved far beyond their humble call and text features – they now are portable smart devices capable of doing tasks that were previously entrusted to laptops and PCs. We use them to snap pictures, send and receive emails, communicate through social media platforms, for wallets and banking apps … the list goes on. All of that wealth of data also attracts threat actors who want to use it to their own ends – from selling it on the dark web to using it to commit identity theft and fraud.
The past few years have provided plenty of evidence that even your trusty mobile device can be compromised by malware. With Android holding the lion’s share of the market, we’ll focus on this OS and leverage insights from ESET malware researcher Lukas Stefanko, who has a long track record of uncovering threats targeting Android users.
How your phone can get hacked
In quite a few ways, actually. One of the more common tactics used to compromise a victim’s device is using phishing and malspam emails that contain malicious links or attachments. Once the victim clicks on the attachment or the link (which then downloads malware to their device), that malware allows hackers to carry out their nefarious deeds.
Another stratagem is fraudulent websites, where cybercriminals spoof the websites of popular brands or organizations – these are laced with malicious links that, once clicked, download malware onto your device.
Additionally, it isn’t uncommon for cybercriminals to deploy fake applications that masquerade as real apps, leading unwitting victims into downloading keyloggers, ransomware, or spyware dressed up as fitness-tracking tools or cryptocurrency apps. These apps are typically disseminated through unofficial app stores.
How to check if your phone has been compromised
There are a couple of fairly telltale signs that your smartphone may have been compromised:
“The most common signs of a device being compromised are that the battery gets drained faster than usual, you experience spikes in your internet data usage although your browsing habits haven’t changed, your GPS feature or internet (either Wi-Fi or mobile data) can be enabled or disabled by itself, and random ad pop-ups or unknown apps being installed without you authorizing it,” says Stefanko.
Another sign is that apps that previously worked just fine start to exhibit weird behavior, including suddenly starting up, closing, or failing altogether and showing unexpected errors.
However, says Stefanko, this is not limited just to apps – you may observe that your smartphone and its system start to act oddly as well.
Other signs of your device being compromised include you or your contacts receiving strange calls or strange messages, or your call and text message history including weird and unknown entries, because some types of malware attempt to make calls or send messages to premium international numbers.
And let us not forget one of the most obvious signs: if your Android phone has been hit by ransomware, you’ll simply be locked out of your phone.
My phone has been hacked – how do I fix it?
Once you confirm that your smartphone has been infested with malware, instead of chucking the gadget in the bin, it’s time to identify the culprit and remove it. For example, in the case of unwanted and annoying pop-up ads, you can identify which app is responsible for their appearance by opening the recent apps menu and long pressing on the app’s icon.
To illustrate, let’s look at the following example of an annoying pop-up ad. We open the recent apps menu, which shows that the app has an all-black icon. We then long press on the culprit’s icon, take a look at its permissions, and uninstall it.
- A full-screen pop-up ad appears.
- Tapping on the recent apps button/menu reveals the app responsible for displaying the ad.
- In this case the app has a solid black icon, making it less obvious where to click.
- After performing a long-press gesture on that icon, we go to the App info for that app, inspect its permissions, etc., and uninstall it.
While Android 9 and older versions of the operating system allowed malicious apps to hide their icons, since Android 10 this has been impossible. The loophole previously allowed malware to impersonate other apps or to attempt to hide itself by using a blank icon and no name, as seen in the following screenshot.
However, in general, there are two common ways to remove most types of malware from your compromised device – automatic and manual. The former is very easy and straightforward – download and install a reputable mobile security solution that will scan your device for threats and remove them.
Manual removal is usually possible, but considerably more complicated. Removing a malicious app isn’t always straightforward, because malware often has prevention mechanisms coded into it to act as fail-safes that prevent users from uninstalling it.
“In case you encounter a similar problem when you’re trying to rid your device of malware, you can boot up your device in Safe Mode and remove the app that you believe is causing your device to perform harmful actions,” Stefanko says.
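One way to narrow down which app to inspect before manual removal, as an added example that is not part of the original article: list the third-party packages together with the installer that put them on the device, and flag those that did not come from the official store. It assumes `adb` with USB debugging enabled; the trusted-installer list and the sample package names are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage third-party Android packages by install source.
# Input is the output of `adb shell pm list packages -3 -i`
# (third-party packages with their installer), one package per line.

# Installers treated as the "official store". This is an assumption:
# extend it on devices that ship with an additional vendor store.
TRUSTED_INSTALLERS="com.android.vending"

# flag_sideloaded: read `pm list packages -i` lines on stdin and print
# "package<TAB>installer" for every package whose installer is missing
# ("null") or not in TRUSTED_INSTALLERS.
flag_sideloaded() {
    awk -v trusted="$TRUSTED_INSTALLERS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        { sub(/\r$/, "") }              # older adb versions emit CRLF
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "null"               # no installer recorded
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (!(inst in ok)) print pkg "\t" inst
        }'
}

# Constructed sample listing (not taken from a real device).
sample_listing() {
    cat <<'EOF'
package:com.example.fitness.tracker  installer=null
package:com.example.bank  installer=com.android.vending
package:com.example.coin.wallet  installer=com.example.thirdparty.store
package:com.example.notes  installer=com.android.vending
EOF
}

# Demo on the constructed sample. On a real device, run instead:
#   adb shell pm list packages -3 -i | flag_sideloaded
sample_listing | flag_sideloaded
```

A flagged package is not necessarily malicious; the list only shows which apps arrived outside the official store and deserve a look at their permissions first.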
Keep malware off your phone
When it comes to mitigating the chances of your device being compromised by malware, there aren’t any magic fixes or one-click solutions. However, following a combination of preventive and proactive steps will go a long way towards keeping you safe from threats:
- Update both your operating system and apps as soon as the latest versions are available,
- Have a backup of your data safely stored away in case your device gets compromised,
- Use a reputable mobile security solution with a proven track record to protect you from most threats,
- Stick to the official store when downloading apps, and always be sure to check the reviews of both the app and its developer, and
- Be aware of the common tactics that cybercriminals use to infiltrate and compromise devices.