
1. Signs of a Hacked or Cloned Android Phone

A phone which has been cloned will receive calls from people who are attributing the recipient phone number to the person who now has the cloned phone. This happens because the person who cloned the phone wants to know who has the cloned phone number and will tell everyone they know to call the cloned number hoping it will ring the phone in question. This is because the call will use the ‘call divert’ function and internally dial on the original phone, however, the call will appear to the recipient as a call from someone whose number they recognize.

Another symptom of a cloned phone is if you receive any billing statements or notices for activity which you did not perform. This activity is likely to be from the person who now has the cloned phone. When a phone is cloned, the billing and call data will be identically synchronized with the original, as it is an exact copy. This means that call data and billing will appear for calls that you never made.

If it takes longer than usual to power up the device, the chances are that the phone has been cloned. This is because the IMEI number represents the hardware and is also the key device identifier. When an IMEI number is used to report a phone as stolen and has it barred, it is not possible to register another SIM card in that phone from a different service provider. If someone tries to do this, the phone only works using the Wi-Fi and the CPU will be constantly processing to register the barred IMEI to enable the new SIM card to work. This will result in the same kind of rapid battery drain and poor performance as a hacked phone.

Android phones that are hacked or cloned often demonstrate unusual performance. The battery may drain quickly, even when it has not been used much. The phone’s performance may also be erratic since the CPU is always working at full capacity. Finally, the phone may experience sudden shutdown and restart. These symptoms may also be due to a hardware problem, so you should also consider other possibilities.

1.1. Unusual Battery Drain

A common sign of a hacked phone is unusually high data usage. Malware can send premium texts, or phone numbers can charge directly to a phone bill. Cyber criminals can hack into a phone and use the camera to spy. Not only can they use the camera, but they can also listen in using the phone’s microphone. Taking a look at the data usage can be another telltale sign. If you find that your data usage and billing is excessive, it’s a sure sign that something is wrong with your phone. Android phones have a significant amount of settings related to internet data usage. You can find these options in the settings menu and data usage. It will allow you to see how much data your phone has used, set up a data limit, or restrict data usage to only WiFi. Checking these settings can help determine if someone else is using your data.

1.2. Slow Performance or Freezing

The slowdown of the device’s performance is a common symptom of a problematic and potentially hacked Android phone. Malware has a tendency to install additional applications which can cause your device to become unresponsive or exhibit other issues. If you have noticed that your phone is running considerably slower, or that certain applications will not run now or are giving error messages, this can be a sign that your phone is infected. A common way to determine if this is the case is to simply check your device’s processor usage, which can be done by going to settings > about phone > battery use. The next warning sign is if you notice that your device frequently freezes or completely locks up, requiring a restart. Although this can be a symptom of aging hardware, it can also be an effect of malware. The malware that has infected your device may also be programmed to start up when the device is turned on. It is during this point in time where the malware can gather sensitive information from the user so that it can later be transmitted to a third party. To do this, the malware will take up a portion of the device’s data and processing power in order to transmit this information and carry out additional tasks. This can cause the device to become considerably slow and cause large amounts of mobile data usage. If you have noticed unexpectedly high data use or your data plan seems to be running out much faster than it should, it may be wise to consider the possibility of malware or a virus on your device.

1.3. Unexpected Data Usage

If your device is connected to the internet with Wi-Fi on or using mobile data, you might see an increase in data usage. This could be due to the fact that a connection is being used to send information from your phone to another location. Many applications will utilize data in the background, but if you see higher than usual data usage despite having no additional applications or high information usage, this could be a sign that your phone is infected with malware. Some further culprits for high data usage are that your phone may be trying to send location info back to the hackers so they can identify where you are and give relevant advertisements, or that your phone may be attempting to sync with the original (if your phone is a clone) so that all information on it is ‘delivered’ to the original, or back to a specialized site where the hackers can view all of your data.

1.4. Strange Pop-ups or Advertisements

A hacked phone often will revert to a slow performance state due to use of malware. This is a symptom possibly associated with many different problems and while it is usually not indicative of hacking on its own, it increases the likelihood that the phone is infected by some form of virus.

A phone recently infected with a virus may show none of these symptoms; it may run normally and in fact the only obvious sign of infection may be that the battery runs down faster than normal. But sooner or later the virus will, in many instances, attempt to spread itself using Bluetooth. This is a useful feature to detect viruses, but by the time the pop-ups start, it is likely that other more serious damage has been done, such as loss or corruption of data, or unauthorized sending of SMS from the phone. In this case, reverting to factory system settings and changing all PIN codes and passwords (including replacing the SIM card) is recommended. This may not always get rid of the infection, in which case the surest way to clean the phone is by unpacking the firmware package from the phone manufacturer using a PC. This will overwrite all existing data with the latest version of the phone’s operating system.

One very obvious sign that your Android phone has been hacked is when strange pop-ups and unasked-for opening of web pages keep occurring. The phone must be connected to the internet for the pop-ups to occur.

2. Detecting a Virus on Your Android Phone

When it comes to viruses, most people assume that they use their phone without precautions and deal with the puzzle of “why is my phone so slow?” This is because they have little knowledge about how a phone gets a virus. One of the ways is that viruses often come from data that we get from the internet, such as downloading a file to a computer and transferring it to a phone. Another reason is that they often click on an unfamiliar link that will download viruses without realizing it. A virus can cause many problems like slow performance of the phone, lots of ads coming from notifications, making the battery run out too fast, and some apps not working properly. Now the question is how to detect a virus. Usually, an antivirus will automatically detect it once it’s installed, but for those who don’t have antivirus, especially for Android users, they can follow these steps. The first step is to install a reliable antivirus app. Usually, an antivirus will detect a virus when the app is opened for the first time. It may notify that the app is clean or there is a threat in the app. A reliable antivirus usually updates its virus database regularly to increase its detection rate against new viruses. A paid antivirus is not always good. There are several free antiviruses that are good enough like Avast and Kaspersky. The second step is to scan your device regularly. The app can be set to scan all apps automatically once the app is installed. Manual scan can also be performed through settings on the antivirus app. The third step is to be cautious of suspicious apps or downloads. Suspicious here means the app is rarely downloaded, has little information about the app, or the app is actually malware or a mod of another app. Usually, a mod app contains malware because in modding an app, the permission to change an app is very open compared to a standard user.

2.1. Install a Reliable Antivirus App

Your device can become infected with malicious software by downloading a range of apps from the internet. The best way of preventing infection is to install an antivirus app on your device. There are a range of antivirus apps available on the Google Play Store with the most popular being Lookout Mobile Security, AVG Antivirus, and Dr. Web. These apps enable you to perform a range of functions including scanning your device for viruses and malware while also allowing you to examine if an app is safe to install. After installing the antivirus app of your choice, it is as simple as following the on-screen instructions to run a scan on your device. If any malicious software is detected, the antivirus will usually prompt you to choose whether you want to quarantine the app, which moves it to a safe location on your device that the antivirus app can control, or completely remove the app from your device. The antivirus will likely suggest that you also perform a full system scan for a more comprehensive clean of your device.

2.2. Scan Your Device Regularly

Lookout is very effective at helping you prevent the installation of harmful apps. If the app’s ‘Safe Browsing’ feature detects a website is unsafe, it will warn you of the potential threat before you even visit it. Should the file of an app you are intending to install be flagged as harmful, you will again be warned of the potential threat. On the premium version, Lookout also automatically scans any new apps or app updates that you download. This is a very useful addition to the service, but overall, Lookout is an extremely effective tool for reducing the risk of acquiring a harmful virus or app.

The best scanner currently available for Android devices is ‘Lookout Mobile Security’. Lookout is a very comprehensive security app, with a wide range of features from anti-virus and malware detection to locating your lost device by GPS and backing up your contacts. It is available in both free and premium versions, with the free version offering a basic level of protection. Lookout has a very user-friendly interface and is simple to use. Upon installing the app, it is a good idea to run a scan of your device and SD card straight away to check all of your current apps and files from the outset.

A virus scanner is a vital piece of software for keeping your Android device healthy and secure. You should be scanning your device regularly; our recommendation is to do this at least once a week. It is especially important to do after visiting potentially harmful websites or after a “drive-by download” — a download that installs itself simply by visiting a webpage.

Here are 10 products on Amazon recommended by USA-Cybersecurity that can help Android device users determine if their device has been hacked, cloned, or has a virus:

  1. Norton Mobile Security: Offers robust protection for Android devices with features like anti-phishing and identity theft monitoring. It provides a comprehensive security suite for mobile and PC users.
  2. Bitdefender Mobile Security: Known for its lightweight malware scanner and a fast VPN, Bitdefender Mobile Security offers real-time protection and innovative app behavior monitoring to alert users of any suspicious activities.
  3. McAfee Mobile Security: Provides excellent malware protection and web security features, including anti-phishing and a Wi-Fi scanner. It’s particularly strong in protecting against malicious downloads and unsecured hotspots.
  4. Kaspersky Internet Security for Android: This software is designed to protect Android devices from malware and includes features like anti-theft and privacy protection.
  5. AVG AntiVirus FREE for Android: Provides basic antivirus protection plus privacy and performance tools, making it a solid choice for comprehensive security maintenance on Android devices.
  6. Avast Mobile Security: Another popular choice that offers a range of features including antivirus protection, app locking, and call blocker to keep Android devices secure.
  7. ESET Mobile Security & Antivirus: Features an antivirus as well as a real-time scanning and security audit tool to check device security status.
  8. Trend Micro Mobile Security & Antivirus: Offers robust protection against malware and ransomware, includes privacy scanning, and safe surfing features to protect data.
  9. Lookout Security & Antivirus: Provides comprehensive security features including malware protection, system advisor, and safe browsing.
  10. Malwarebytes Security: Known for its effective removal of malware and ransomware, it also provides privacy audits for all apps to manage data access and control.

These tools are specifically designed to help Android users identify and respond to security threats like malware, hacking, or cloning by providing real-time protection, scanning capabilities, and system monitoring. Each product has a variety of features to suit different needs, from basic virus removal to more advanced internet security solutions.

2.3. Be Cautious of Suspicious Apps or Downloads

Be particularly cautious of app downloads. Most of the malicious attacks on an Android phone come from apps that are downloaded and installed. The best thing you can do if you notice suspicious activity is to uninstall the app in question. In some cases, the app may have administrator privileges, in which case you will need to do some extra work to uninstall it. Typically, if the phone is acting strangely, you will want to boot into safe mode to prevent the app from running. To do this, you will need to look up the specific instructions for your device, as the method can vary. After successfully booting into safe mode, you can go into the settings and then device administrators. Deselect the admin for the app in question and now you will be able to uninstall it, after which the phone should return to normal. It is important to remember to only download apps from official app stores, such as Google Play. While this does not guarantee the app is safe, it is much less likely to encounter a malicious app here. Another thing to be wary of is the app permissions. Before installing an app, take note of the permissions it requires. If an app is requesting permissions that don’t correlate with its function, it may be wise to avoid that app. For example, a simple game app requiring access to your contacts and messages is suspicious.
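The three checks described above (permissions that do not fit an app's function, installs that did not come from Google Play, and device administrator rights that block uninstalling) can be applied mechanically to a list of installed apps. The following is an added example, not part of the original article; the inventory format, the category labels and the `com.example.*` package names are constructed for illustration.

```python
# Added illustration: triage an app inventory for the warning signs in section 2.3.
# The inventory below is constructed sample data; package names are hypothetical.
from dataclasses import dataclass, field

PLAY_STORE_INSTALLER = "com.android.vending"  # package name of the Google Play Store app

# Sensitive Android permissions mapped to the app categories (our own labels,
# an assumption of this example) for which the request is plausible.
EXPECTED_BY_PERMISSION = {
    "android.permission.READ_CONTACTS": {"messaging", "dialer", "email"},
    "android.permission.READ_SMS": {"messaging"},
    "android.permission.SEND_SMS": {"messaging"},
    "android.permission.RECORD_AUDIO": {"messaging", "dialer", "camera", "recorder"},
    "android.permission.CAMERA": {"camera", "messaging"},
    "android.permission.ACCESS_FINE_LOCATION": {"maps", "camera"},
}

# Constructed inventory, one app per line:
# package | category | installer | device admin (yes/no) | requested permissions
SAMPLE_INVENTORY = """\
com.example.chat|messaging|com.android.vending|no|android.permission.READ_CONTACTS,android.permission.READ_SMS,android.permission.INTERNET
com.example.puzzle|game|com.android.vending|no|android.permission.INTERNET,android.permission.READ_CONTACTS,android.permission.READ_SMS
com.example.wallpaper|personalization||yes|android.permission.SEND_SMS,android.permission.RECORD_AUDIO
"""


@dataclass
class Finding:
    package: str
    reasons: list = field(default_factory=list)


def parse_inventory(text):
    """Parse the pipe-separated inventory into a list of app records."""
    apps = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        package, category, installer, admin, perms = parts
        apps.append({
            "package": package,
            "category": category,
            "installer": installer or None,  # empty field = no recorded installer
            "device_admin": admin.lower() == "yes",
            "permissions": {p for p in perms.split(",") if p},
        })
    return apps


def triage(apps):
    """Return a Finding for every app that shows at least one warning sign."""
    findings = []
    for app in apps:
        reasons = []
        # 1. Sensitive permissions that do not correlate with the app's function.
        for perm in sorted(app["permissions"]):
            expected = EXPECTED_BY_PERMISSION.get(perm)
            if expected is not None and app["category"] not in expected:
                reasons.append(f"{perm} does not fit category '{app['category']}'")
        # 2. App did not come from the official store.
        if app["installer"] != PLAY_STORE_INSTALLER:
            reasons.append(f"not installed by Google Play (installer={app['installer']})")
        # 3. Device administrator rights must be deselected before uninstalling.
        if app["device_admin"]:
            reasons.append("holds device administrator rights; deselect before uninstalling")
        if reasons:
            findings.append(Finding(app["package"], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_inventory(SAMPLE_INVENTORY)):
        print(finding.package)
        for reason in finding.reasons:
            print("  -", reason)
```

A finding is a reason to look closer, not proof of malware: the category table is deliberately small and should be adjusted to the apps you actually use.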

3. Steps to Secure Your Android Phone

Beginning with software updates, a vast majority of security exploits in any platform can be blocked by making sure your device is up to date. On an Android phone, these updates can take place in many different forms. Typically, when a System Update is available, a notification will be sent to you alerting you of this. You can manually check if an update is available by going to: Settings > About phone > System Updates. Be wary of updating your phone with custom ROMs and software as this can lead to a higher risk of bricking your device and has potentially severe security implications. Regular system updates can often protect against malicious apps that can come from untrusted sources. These can be disabled in the Security section in Settings under ‘Unknown sources’; it is strongly advised that this option be left unchecked for the best security. Always ensure, no matter how tempting, that app downloads come from a reliable source. Usually this is the Google Play store, and before installation, the app should show good ratings along with a decent number of downloads. A thorough read through the app’s reviews also helps to ensure it is reputable.

3.1. Keep Your Phone’s Software Updated

It is worthwhile repeating that most Android phone infections result from downloading and installing untrustworthy APK files. These are often sourced from third-party app stores — an alternative to the Google Play Store. It has always been recommended to avoid such app stores and only download apps from Google’s official market. However, in recent years, Google has taken measures to improve Android security to the extent that it has become significantly more difficult for malware to make its way onto the Play Store. With this in mind, the average user is still safest using the default Google Play Store for all app downloads.

When you lose your phone, break it, or are in some way required to buy a new one, it can be frustrating to start afresh with none of your old data. Backing up data will enable you to transfer all your old data from your previous device to a brand new one. Most of your important information will likely be stored on Google’s servers, so it’s only a matter of selecting the option to restore your data to the new device. Doing so will enable you to enjoy a clean slate with optimal performance, as opposed to continuing on with the cluttered outdated data from your previous device.

Another way to keep your phone’s software up to date is to perform a regular backup of your data. Over time, the data on your smartphone becomes cluttered with long-forgotten information and unnecessary cache files. This can cause performance issues when running your favorite apps or using your phone to browse the internet.

3.2. Set Strong and Unique Passwords/PINs

Certainly, setting a strong password ensures security to a great extent because it acts as a protective layer for the vital information you do not wish to share with the world. If it is something important, there are high chances you might become a victim of a hacking attempt to get hold of that information. There are different ways your phone can be hacked, which include a hacking attempt made by connecting it to a computer, trying to unlock your device, installation of software on your device, or remotely hacking your device via the internet. The most common and direct type of hacking is by trying to unlock your Android device. An Android lock screen can be of different types — password, PIN, pattern, or the latest one being face detection. The security offered by these, in the same order, is greatest to least. If you have some information on your device that you cannot afford to lose, then the first thing you should do is change the lock screen to a password. Passwords give your device the highest level of security, and regardless of the type, they are the most difficult to bypass. High-level security officials most commonly use alphanumeric passwords in comparison to simple passwords.

3.3. Enable Two-Factor Authentication

Two-Factor Authentication (2FA) is one of the best ways to keep your accounts secure. Many services are starting to add 2FA via SMS as an option when logging into accounts and the Google Authenticator app can be used for most of those. With 2FA enabled, no one will be able to access your account without your phone and the code. If your account is logged into and the phone number is changed without your consent, you’d be able to stop that login and investigate what happened. This is because logging in from a new location requires the code and the code is only available from the phone. Enabling 2FA is generally easy and quick to do. We try to maintain the most accurate steps possible but in some cases, the following may have changed if the service updated their website. This is the most recent update, published and tested June 2015.

3.4. Avoid Unsecured Wi-Fi Networks

There are times when we allow our leisure to be the source of our woes. It is essential to keep in mind that there are two types of Wi-Fi network, secured and unsecured. Secured networks prompt the user for a password the first time that they connect to that network and the Wi-Fi connection is then saved on the device for future use. Unsecured networks are the complete opposite: these network connections do not require passwords and can be accessed by anybody within range. Connecting to a secured network is usually safe due to the fact that it was installed by the owner with consent, your device already has the password so no new installation is required, Wi-Fi modules automatically search for remembered connections, and newer devices can often distinguish between previously used secured networks and networks that are within range. Unsecured networks often prompt the user to “Forget Network” or provide no distinction between remembered/unremembered secured networks and should be avoided at all costs for the purpose of maintaining privacy and security. A prompt for software installation is a sign that a virus is likely to follow. Usually the software installation prompt is given in a language that the user can understand or is familiar with, and this is widely used by cyber-criminals to dupe unwitting users into installing malicious software. An example would be a popup claiming that the user has won a prize and needs to enter their personal data to claim the prize; upon entering the data it is recommended to assume that the data has been stolen and to take the necessary security measures. It is important to be aware that some unsecured networks may redirect the user to a login page upon connecting to the network. Because most HTTP webpages redirect to an HTTPS login page, there are instances where the page is a dummy page designed by cyber-criminals to steal login information for accounts that the user may access. For this reason, it is recommended that the user only access websites that do not require personal login information and avoid accessing accounts that store sensitive data. Examples of sites to be accessed are general news pages or blogs.

3.5. Backup Your Data Regularly

Your Android phone probably contains a great deal of data that needs to be backed up. In some way or another, you’ve hopefully already been backing up your data. If you were hacked, getting your phone back to where it was will be incredibly hard or impossible without a complete wipe and reset. If wiping and starting new, making sure your data has been backed up is especially valuable in that case. Here are some common items you may have and want to back up and methods for doing so. Before wiping and selling or getting a new phone, make sure you’ve successfully done restores and that your method of backup actually works and contains the information you need. Keep in mind that some carriers store SMS and call logs and may assist in moving them to a new phone, but possession of certain call logs or text messages is subject to court orders and often not possible to get. High-level Android users may want to consider root and a complete nandroid backup as a means of backing up data. High-level root users will likely already know about nandroid backups, so that is all we will say about that.

4. Seeking Professional Help

Consulting a cybersecurity expert is also a good solution, especially if your phone has sensitive data. They can have a look at your cellphone and diagnose the issue. If the problem can be identified and rectified in a short amount of time, it might be cost-effective to use their services at an hourly rate. However, if the malware has done a significant amount of damage, it may be a costly affair. In this situation, it would be better to scrap the old device and replace it with a new one. Also, a cybersecurity expert cannot guarantee that the issue is fixable within the given time, so contacting the mobile service provider afterwards is a good course of action.

It is much preferable to opt for professional help, especially from your mobile service provider, who can provide the best advice given that they have detailed knowledge of the current status of the network. They can even guide you in resetting your cellphone to the original factory setting, which is a really good course of action against thorough infections, at the cost of losing all the data that you might have retained on your phone. This is really useful advice and information which you wouldn’t have been able to procure had you not contacted the mobile service provider.

4.1. Contacting Your Mobile Service Provider

If you have tried all the above steps to no avail, then it is time to contact your mobile service provider. They are a good first-step resource for tracking down suspicious behavior for a few reasons. For one, as with any service, mobile phone service providers want to keep their customers happy. Anytime a customer feels that their security has been compromised, that is a serious issue with their service for the provider. Also, mobile service providers have access to the network connections to your phone. In general, at least in the United States, if you are being attacked by a persistent hacker, meaning someone is specifically and methodically targeting you to cause harm, this is a federal offense and mobile service providers are more able to track these network connections and identify the source of the attack. Keep in mind, however, that the service representative that you speak to may not be informed of the technical details of cybersecurity. At this point, be insistent that you are provided with detailed logs of your network activity during the specified time of the incident. If you are actually dealing with a skilled hacker that is employing methods to pivot through different compromised systems so as to not be traced, these network logs may very well identify connections that do not seem to be related to the issue at hand. In some cases, if you believe that you are in imminent danger due to an advanced persistent threat, a lawsuit and subpoena of those network logs may be a necessary action. By working with evidence from network logs, you can determine if the problem was due to a security threat originating from the phone itself or merely a network-based attack to a specific service. If it appears that the problem was an issue with an Android-based security threat, these logs can be useful for determining the method of infection and possible identification of malware if a similar analysis can be done on the phone itself. 
Due to privacy laws and regulations, mobile service providers have limited ability to access information on the phones themselves or offer specific advice for mobile security. In the case that you have identified a malware issue and your service provider advertises security software, they may be able to offer that software for free, and in some cases, it is able to identify the specific trojan or virus and repair the damage. Finally, if you believe that the security threat was a result of a cheap clone of your phone, contact with a legal representative may be necessary on the issue of damages and an attempt to track the source of the counterfeit device.

4.2. Consulting a Cybersecurity Expert

For more serious forms of security breaches like identity theft or extensive data loss, it may be worth it to seek consultation with a cybersecurity expert. Cybersecurity experts are experienced with dealing with a variety of hacking incidents and can keep your issue confidential. Unfortunately, services of professional cybersecurity companies are usually very expensive and their work time-consuming. As there are no authoritative resources for finding cybersecurity help, it is best to ask your most tech-savvy acquaintances if they know of any reliable services. Cybersecurity consultants will usually require access to the device as well as direct details regarding the issue. Note, it is important to verify the consultant’s credibility. There have been many incidents of scammers posing as tech consultants as well as data interception in between communication of the issue. If you happen to have extensive knowledge and experience with IT, it may be beneficial to ask the consultant to explain methods to deal with the issue, although this is unfeasible for many.