Hackers can implant malware in your computer, phone or tablet without you knowing. And the entry points vary from websites that spoof legitimate ones to an innocent-looking link in your email.
The scariest thing is not knowing your device is infected until it’s too late. ChromeLoader, for example, hijacks your browser to redirect traffic to advertisement websites. Even worse, the malware can be used to steal usernames and passwords.
We have bad news if you’re worried about hackers accessing your data and private information. Anyone can purchase commercially available hacking tools, including those who should be looking out for your best interests.
Google has been tracking commercial spyware tools for years and put out a blog post detailing “government-backed actors” targeting victims in Italy and Kazakhstan. The spyware was attributed to an Italian vendor called RCS Labs.
Cybersecurity company Lookout Research named the spyware “Hermit” and revealed its suspicions that a telecommunications company called Tykelab Srl is acting as a front company. The spyware is being used to spy on both iPhone and Android users.
Companies like RCS Labs make no secret that their clientele consists of law enforcement agencies using the surveillance software. The issue is there’s no limit to who they can watch. Lookout Research says the list of targets includes business executives, human rights activists, journalists, academics and government officials.
How the spyware makes its way into your phone
The spyware impersonates legitimate companies, such as ISPs and smartphone manufacturers. The malware can disable your data connection and send you a link via text message to recover it. You’re prompted to download a malicious application when you open this link.
The spyware’s other trick is disguising itself as a messaging application such as Facebook Messenger or WhatsApp. The victim sees a page asking them to install an application to recover their account.
Once it’s in your phone, Hermit can take screenshots, record audio and access your contacts, camera, messages, calendar and more.
Hackers are getting sneakier
The findings from security researchers are troubling. Governments may be working with telecommunications companies and ISPs to gain access to people’s phones. This will make it much harder to detect these types of attacks.
Google is alerting Android victims targeted by the campaign, and Apple told Reuters it “revoked all known accounts and certificates associated with this hacking campaign.”
How do you know your phone’s been hacked?
What are the signs that your phone’s been compromised? Here are some things to watch for:
- Your phone is running at a snail’s pace. Malware eats up a lot of resources and your phone has to work overtime to keep up.
- Ouch! Your phone is hot. Heavy data usage as a result of malware can lead to an excessively hot phone.
- Battery drain. Any background activity affects your battery life and there’s no bigger culprit than malware, which constantly runs even when you shut down everything else.
- You’re using way more data than usual. Various types of malware use data to spy on your activity and relay the information back to threat actors.
- Sudden pop-ups. If pop-up ads and notifications appear out of nowhere, your phone is likely infected. The same goes for unwanted reminders and “system” warnings.
If your phone’s been hacked, your first step is to back up your data.
Following that, remove any recent apps you installed that may have acted as a Trojan horse for malware. Then run an antivirus program to check for and remove any threats (more on that below).
How to protect yourself
You can never be too careful when it comes to keeping your devices secure. Here are some good practices to keep in mind:
- Keep your phone’s operating system up to date. Apple’s iOS is up to version 15.5, and the latest Android OS version is 12.1.
- Be very careful when clicking on ads or opening links. If you aren’t expecting it or don’t know the sender of a text or email, stay away.
- Only download apps from official app stores. Avoid all others like the plague.
- Always have a trusted antivirus program running on all your devices. We recommend our sponsor, TotalAV. This award-winning antivirus security suite offers built-in adware, ransomware and malware protection.