Discovered that last week my phone was remotely controlled / hacked. The hacker intentionally left evidence that he entered my phone, like saving a screenshot and making a shopee purchase (that was later cancelled as it was not paid).

Not sure what else he did on my phone.

Need advice. What should I do now to secure my phone? I looked through my apps list and didn't find anything suspicious. Also, there doesn't seem to be suspicious data usage during that period when he accessed my phone.

I downloaded a bunch of anti-malware / anti-spyware apps and scanned my phone, but nothing came up.

I am thinking of changing passwords for my more important accounts like google and such, and I am concerned he may have installed something on my phone to capture what I key in (maybe that's why he left evidence that he entered my phone.. to prompt password change).

The nuclear option would be to factory reset my phone but at the moment, there are some important work-related apps on my phone that makes that difficult.

Also, I read that my sim may also be compromised. Should I change to a new sim?

based on wat u describe

and u still stubborn enough to not exercise any protection step.

my only advise

wait it escalate until u decided to take it seriously.

What phone ? Installed any apk

Factory reset. You may click or downloaded illegal apps to allow such access

install endpoint security after factory reset

This post has been edited by observ: May 12 2024, 12:21 PM

important work-related apps on my phone that makes that difficult

this look sus

Go deep into file and folders to check any suspicion apps Go through all running process.

Okay, an update. One other thing I noticed the hacker did was sent an SMS to 32563 to subscribe for some game/content subscription. My hotlink got charged RM5. I have since sent another SMS to the same number to disable the subscription. He also sent a random photo to one of my fb contacts. From his actions, he obviously wanted me to know that my phone was compromised.

Not sure what else he did on my phone while it was hacked.

Also, I have since replaced the sim card to be safe, and changed all my passwords. I have also disabled all call forwarding (it didn't seem to be enabled).

I am still not sure how my phone was compromised. From what I read, bluetooth is a possible security flaw, and my bluetooth was on at the time. Have since disabled it.

Also, at the time, I had a second sim in my phone (that I purchased from shopee for data in Japan) that I forgot to remove from my phone after my trip was over. It has since been removed.. again, not sure if that was a possible entry point.

I am using Note 10+ and yeah, I just found out that they have stopped providing security updates since Sep last year, so maybe the hacker exploited a security loophole in Android 12 that wasn't patched. Looks like I may have to buy a new phone if I want the latest security patches.

Before this incident, I have been generally careful about suspicious texts and I don't typically click on any phishing links or open any suspicious files. I also did not knowingly installed any APK files. So kinda baffled how this happened.

The past few days have been stressful.

This post has been edited by Par@dox: May 14 2024, 09:05 PM

It's mobile token generator for remote office as I generally work remotely.

I remember it being a pain to install on my phone.. but looks like no choice but to reinstall it again after factory reset.

Hmm.. how do I "go deep into file and folders" for my phone?

Thus far, I have checked data usage and running apps via the normal UI, and did not come across anything that is blatantly suspicious. To be safe, I disabled whatever that I wasn't sure of.

Could the suspicious apps be hidden from the normal UI?