Five signs that your phone has been compromised

By Parvinder Walia January 27, 2016

We don’t know or do enough to protect ourselves online
The first step is to know how to identify malicious activity

Five signs that your phone has been compromised MOBILE users in Asia Pacific are beginning to understand how important it is to protect their devices from malware. As the information stored on our phones becomes increasingly sensitive, the risk of losing it becomes more real, and the consequences of such a loss much more significant.

However, we users in Asia Pacific are still not cyber-savvy enough. While a large proportion of consumers are concerned about malware and cyberthreats, we don’t know or do enough to protect ourselves online.

The first step to protecting devices is to know what measures to take to identify malicious activity. What makes this complicated is that attackers involved in a mobile scam will often take measures to prevent the threat or malware from being noticed by the user.

Delaying the malicious action, using only WiFi networks, or reducing the level of activity when the user is operating the device, are some of the strategies used by malware to conceal itself.

Nonetheless, eventually the malicious activity will have to kick into action, and that’s when you can pay attention to certain signs to detect illegitimate activity.

Here are some of the signs that may indicate that your phone has been compromised:

1) You notice the system or certain apps behaving strangely

One possible clue is the sudden failure of apps that usually work fine. If you haven’t updated the system or the app in question recently, and then unexpectedly that app suddenly starts closing or displaying various error messages, it may be that some malicious code on your device is interfering with its normal running processes.

The malware may try to take advantage of vulnerabilities present in the system’s apps, using them to access permissions that have been granted to them, or to violate the platform and run commands with administrator permissions.

Such attempts to exploit the weaknesses of other apps may result in errors that can be noticed by the user.

Being aware of what apps are installed on your phone will make it easier to identify any app that you didn’t authorise.

Bear in mind that many malicious apps disguise themselves as system components, so an app may be something other than what it appears to be. If the app has requested administrator permissions, you may not be able to uninstall it through the system settings.

For this reason, it’s important to be extremely careful with what permissions you grant to apps when they are installing – or running.

2) Your call or message history includes some unknown entries

Regularly checking your call history for unknown numbers is an excellent habit to adopt. Lots of malware families try to make calls or send messages to premium international numbers.

Such malware ends up having a direct impact on the user, who unjustly has to pay the costs.

This type of malware has been growing significantly and about 50 new examples are detected each month. ESET products identify this type of malware under the Android/TrojanSMS family.

If we analyse the number of new variants of this family that have been created since the start of this year, we can see the extent of this family’s growth.

Unfortunately, our research suggests that this trend shows no sign of decreasing in the near future.

Fastest Growing Android Malware Families in 2015

3) Excessive data usage

Malicious apps may be using the data system to communicate with command and control centres operated by cybercriminals in order to download orders and updates, as well as send back information stolen from the device.

If you usually check how much data your apps use, you will quickly become aware of any changes to the normal pattern.

While checking data usage of an app, be sure to also check the times when the sending and receipt of data is highest and compare this with your use of the device.

If there is an excessive amount of data exchange taking place at times when you don’t use the device, you have grounds for suspecting that something strange is going on.

4) You or your contacts receive strange text messages

One method used a lot by cybercriminals to control infected mobile devices is sending text messages containing commands to be interpreted by the malware, which then takes the corresponding action.

Lots of examples of malware manipulate message logs to delete any such messages that could raise the user’s suspicion, but others don’t bother with such precautionary measures – in which case the user can read the content that is received and sent.

Mobile malware can also send text messages to phone numbers from the user’s list of contacts as a way to propagate itself, using this method to get the recipients to download malicious content via specific links.

If your friends receive strange messages from your phone, you should check what apps are installed on it.

5) Your payment breakdown includes actions you did not make

Sending text messages, making calls, and using the data system will result in increased costs, which the user will be responsible for.

Examining the costs attributed to your mobile phone number on a monthly basis is a good practice to be able to detect any malicious activity quickly.

You also need to take into account the fact that a lot of malware tries to pass through official app stores to steal your credit card data.

For this reason, if you regularly make such payments through your mobile device – or any other platform – you should also check the transactions through such services to ensure there are no unwarranted charges.

Fixing it

Five signs that your phone has been compromised What steps should you take if your phone has been compromised or infected? If for any of the reasons mentioned above, you believe you may have been infected by malware, you can install a trustworthy security solution to scan your device in order to identify the threat.

You can also contact the official customer services provided by the seller so they can look into the problem.

If you have the technical know-how, you can try to remove the threat yourself through a command console.

Furthermore, if you suspect that sensitive information stored on your device may have been stolen, you can change your credentials for accessing any services you have used on your device.

However, remember that prevention is always better than cure.

To avoid any unpleasant experiences when using your device, you should take a proactive and preventive approach to keep the data on your mobile device secure:

Always keep your device’s operating system and apps updated with the latest available versions.

Make a backup copy of all data on the device, or at least the most important data.

Use security solutions provided by a highly reputable company and keep them up to date.

Be sure to use only official stores for downloading apps, where the likelihood of becoming infected by malware is lower – although still not zero.

Use a screen lock, and remember that the pattern may be easy to guess and less secure than a PIN (personal identification number), and that a password is your best option.