• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

How to tell if Android phone has spyware or cloned

Mellark

Lurker
Jun 25, 2011
2
0
I need help in trying to figure out if my phone has sometime of spyware or could be possibly cloned. I have a Samsung Epic 4g with Sprint. Finally after months and months of trying to get Sprint to help me they are now involved because of my complaint with the FCC but still they are a little dumbfounded at the moment with what is going on with the phone. Below are a list of events with the phone:

1) The day I purchased the phone with was in the possession of a coworker and fellow Sprint customer/Android user/and self proclaimed hacker. He had the phone for at least 30 minutes while 'checking it out'. He said he did download an app to it that I needed but I do not remember what it was.

2) The following day my new phone sent out just over 300 text messages in a span of a bout 5 minutes. These text messages were actual text messages that had been sent weeks and months earlier off of my previous phone (Samsung Reclaim) and obviously not my new phone that I had less then 24 hours. The text messages sent were to only two specific people. Meaning the phone didn't sent out any other text conversations I had on the previous phone to other contacts.

3) Three weeks later my phone was 'stolen' and three weeks after it was stolen and I already had a replacement the phone the stolen Epic miraciously reappeared at the bar it was stolen at.

4) My coworker that had the Epic on the day I purchased it wanted to buy my replacement phone. I gave him the replacement phone and kept my original Epic. When I gave him the replacement Epic I mistakenly gave him the box of the original Epic that I kept. I also gave him my sprint.com username and password thinking he would need it to get service into his name.

5) Three days after I gave the replacement Epic to the 'friend'/coworker I started getting text messages from a number I did not recognize and the person would always claim to be 'me' when I asked who they are.

6) My MSN email had been hacked and this had been an ongoing problem even before I bought the Epic. I removed the MSN email account from my Epic phone and still have numerous Sprint IP addresses hacking my MSN email account.

7) When I would try to reset my password online with MSN and use the text option to send me a reset link to my cell number I would never get the text message

8) Numerous people have claimed they have never got voicemail messages that I have left for them

9) People have claimed to have sent me text messages and I have never received them.

10) I have text messages that have been sent to my phone but they say 'default message' and when Sprint sent me the text detail these text messages do not even appear on the the documentation from Sprint.

11) One individual sent me a text claiming he was responding to my text but I did not sent him one. He was a coworker as well. Some other people are now saying that certain text messages that I have from them they never sent.

12) I downloaded a rootcheck on the phone and it said my phone did not have a root installed but Busybox was loaded on the phone.

13) Some people have reported that they call me and the phone just rings and rings and voicemail does not pick up. I also do not have anything in my call log showing any calls.

14) When the phone is off and I call it it does not go straight to voicemail but rings numerous times and will go to VM

15) I have received text messages from foreign countries trying to advertise something

16) There have been times the phone will go off network and say something like 'no network attached to this phone' even though I have another Sprint Samsung Intercept and the phones will be side by side and that phone works fine.

17) I have had phone numbers added to my contacts list and numbers added to other contacts information.

18) When I confronted the coworker about it he responded to a text message before I sent it; when I rcvd the text detail for that exchange of texts that particular text was a completely different number then his regular Sprint number yet in my phone it is his regular number

19) When I got on my lookout.com account his (coworker that has the replacement Epic) cell phone number was on the account even though he claimed he did a factory reset after I gave him the replacement Epic. I never used Lookout though and was just checking it one day online even though I had never added it to my Epic but it was on the replacement Epic before I gave it to the coworker.

20) My settings have been changed; ringtones changed to silent and alarms disabled to name a few. Also my system time has been changed; I had already set it to default to the regular time but the time had been manually adjusted to be about 3 minutes off.

21) I had a phone call from an unavailable number claiming to be the NSA and that my phone number and IP address were linked to accessing level 3 government documents on wikileaks. It was an automated message and assume it is someone harassing me.

22) Calls that I have actually made are missing from my Sprint bill

I hope this is enough information to give me an idea as to what I am dealing with. The police are involved but so far they are reluctant to do any forensic investigation or even help me. I have also had several break ins to my home; nothing taken but just my computer accessed. To the point nude photos of myself have been emailed off my personal email account. This stalking has been going on for months and I want the responsible individuals brought to justice.

Thank you
 
For future reference, don't lend phones to self proclaimed hackers. If sketchy stuff happens, you clear the phone to factory defaults ASAP at the very least. But you do NOT continue to work with the same dude AND give him sensitive account information!

I don't understand which of the red flags you managed to miss but dude, they were all over the place . . .

Best bet at this point, cancel your phone/account, start a new one, replace all your credit cards, get new information, and DON'T LEND OUT YOUR PHONE TO HACKERS . . . heh. Good luck, man.
 
Upvote 0
First of all I am not a dude.

Second I had no idea about cell phone spyware/hacking/rooting...Sprint didn't give me the memo.

Third this is a criminal case and the authorities are not with it when it comes to even understanding this technology. That is why I posted and you had nothing to offer.

Fourth why did you even respond. I would never wish anyone to be stalked in the manner myself and my family have been because it is not just the phone but home computers/email as well. It is not stopping even since I do not use the phone anymore. Text messages are still being sent as if from my number implicating me as a drug dealer and various other disgusting things.

Fifth the police need to know for certain that it happened the day he was in possession of it before they will do anything.

If you know so much to lash out at me at least provide some insite since all of us are not Android experts as yourself.
 
Upvote 0
Download and install Lookout Mobile Security from the market. Run it, go thru the setup process and let it run a scan on your phone.

Chances are that it won't find anything since it only looks for trojans and malware. It won't help if your phone has been cloned. If that's the case, then Sprint needs to deactivate that account and you need to get a new account/phone.

As for the rest of it, like you said, it's a police matter. If you've had break-ins to your home, then they need to do their job.
 
Upvote 0
I hope this message finds you doing well. I understand. I am there myself. I am on my 5th phone, 5th computer, 3rd operating system. As I put up more road blocks, it has spread to my husband, 13 yr old daughter, brother, mothers on both sides. Get the pictures. Working with police, PIs, forensic experts. If you have any information about how this was resolved with you - I would greatly appreciate it.
For those of you who have not experienced this, you don't have a clue and I hope it never happens to you. You will know it when it does. Your phone will call people, check your voice mail, open files and apps, have unique widgets on the screen every few days. You may watch a widget dance and zig zag across the screen. You will have apps you did not download. You will not be able to call specific people closest to you, no matter how hard you try. People will not receive your text messages, although they show sent. You may notice your data usage skyrocket. I am a programmer by trade, and I have not been able to discover the source. I have switched to an iphone, and it is better, but it has been hacked too within a few weeks. Just different on an iphone. Even the detectives phone is now sending blank messages to my iphone that he did not send! Freaked him out. I too received an unprecedented number of strange calls, even blocked unlisted calls.
If anyone has HELPFUL information, I would greatly appreciate it. Thanks!
 
Upvote 0
Download and install Lookout Mobile Security from the market. Run it, go thru the setup process and let it run a scan on your phone.

Chances are that it won't find anything since it only looks for trojans and malware. It won't help if your phone has been cloned. If that's the case, then Sprint needs to deactivate that account and you need to get a new account/phone.

As for the rest of it, like you said, it's a police matter. If you've had break-ins to your home, then they need to do their job.

First of all I am not a dude.

Second I had no idea about cell phone spyware/hacking/rooting...Sprint didn't give me the memo.

Third this is a criminal case and the authorities are not with it when it comes to even understanding this technology. That is why I posted and you had nothing to offer.

Fourth why did you even respond. I would never wish anyone to be stalked in the manner myself and my family have been because it is not just the phone but home computers/email as well. It is not stopping even since I do not use the phone anymore. Text messages are still being sent as if from my number implicating me as a drug dealer and various other disgusting things.

Fifth the police need to know for certain that it happened the day he was in possession of it before they will do anything.

If you know so much to lash out at me at least provide some insite since all of us are not Android experts as yourself.


I just realized that this post is old. But this has the most identical, almost replica of my situation except for the part where I've always been careful on my device and everyone else's devices in our account.

Ever since that my husband been wrongfully placed to nearby his work inns/motels... I realized that our gadgets aren't always the most dependable and reliable. As well as our email accounts been hacked and bank accounts been hacked as well... so, I was told to install Avast Antivirus app and Malwarebites. Which I thought since may had been working.. although at the back of my head it still felt like something isn't right. So, I have subscribed to Verizon Family Base App where it gives notifications of chosen activities for each of the mobile lines' in the plan. That's when I started seeing each message or call had to be placed twice! I can't understand why only at certain times and inconsistently hopping to different cell phone lines. Also I have noticed, the set of contacts are being switched and it would also go back to the way it was. For example, I see my husband's line calling me with his contacts saved me as mommy, and my daughter receiving my call and had me saved as MyOnlyLoveWife which my daughter would never do. I've received many calls in the past and with just one ring and it'll stop. Also, I get weird voicemails that appears to be accidentally recorded and my husband said he's got no idea what it was even when sometimes (inaccurately) i would guess could that sound almost like you? then he'll say on what line was it left on? and it wasn't his so, instantly there's no way. I've been perceived as annoying and paranoid by the people around me, my teenage son has never been distant to me that he is now, to think even just 2 years ago he would only sleep next to me in my bed whenever his dad is at work which is 12 nights at a time then 2 nights off.. but now he'd rather not talk to me or see me. I can't blame him. But I just know despite this has already taken toll on my health also... finally Verizon has something concrete leaning more to the possibility of having all of the 6 devices in our plan plus 1 tablet has been highly likely cloned! Tomorrow, I am finally looking forward to another day for some better news and resting this case finally from the fraud department that has finally given me some hopes. I desperately need to put this issue a rest and for the first time in my life... I have this eagerness to put whoever has done this to our phone lines behind bars. This isn't a simple joke or some easy to disregard glitch. Having to lose from hackers my hotmail account that I've always had since college years which was January, then February my husband's account which he actually had some at least $3000 taken from his checking account that was wired somewhere in America just by online. To the point where this paranoia plus in laws moving in with us 6 months ago equals "Recipe for Disaster" which in this case my health has taken all the beating... So, whoever this maybe... I'm sorry but this one I have to wish for that person to really suffer.
 
Upvote 0
Same here. Live in Ireland. Don't know what to do. Police doesn't want to take my complaint.
I just realized that this post is old. But this has the most identical, almost replica of my situation except for the part where I've always been careful on my device and everyone else's devices in our account.

Ever since that my husband been wrongfully placed to nearby his work inns/motels... I realized that our gadgets aren't always the most dependable and reliable. As well as our email accounts been hacked and bank accounts been hacked as well... so, I was told to install Avast Antivirus app and Malwarebites. Which I thought since may had been working.. although at the back of my head it still felt like something isn't right. So, I have subscribed to Verizon Family Base App where it gives notifications of chosen activities for each of the mobile lines' in the plan. That's when I started seeing each message or call had to be placed twice! I can't understand why only at certain times and inconsistently hopping to different cell phone lines. Also I have noticed, the set of contacts are being switched and it would also go back to the way it was. For example, I see my husband's line calling me with his contacts saved me as mommy, and my daughter receiving my call and had me saved as MyOnlyLoveWife which my daughter would never do. I've received many calls in the past and with just one ring and it'll stop. Also, I get weird voicemails that appears to be accidentally recorded and my husband said he's got no idea what it was even when sometimes (inaccurately) i would guess could that sound almost like you? then he'll say on what line was it left on? and it wasn't his so, instantly there's no way. I've been perceived as annoying and paranoid by the people around me, my teenage son has never been distant to me that he is now, to think even just 2 years ago he would only sleep next to me in my bed whenever his dad is at work which is 12 nights at a time then 2 nights off.. but now he'd rather not talk to me or see me. I can't blame him. But I just know despite this has already taken toll on my health also... finally Verizon has something concrete leaning more to the possibility of having all of the 6 devices in our plan plus 1 tablet has been highly likely cloned! Tomorrow, I am finally looking forward to another day for some better news and resting this case finally from the fraud department that has finally given me some hopes. I desperately need to put this issue a rest and for the first time in my life... I have this eagerness to put whoever has done this to our phone lines behind bars. This isn't a simple joke or some easy to disregard glitch. Having to lose from hackers my hotmail account that I've always had since college years which was January, then February my husband's account which he actually had some at least $3000 taken from his checking account that was wired somewhere in America just by online. To the point where this paranoia plus in laws moving in with us 6 months ago equals "Recipe for Disaster" which in this case my health has taken all the beating... So, whoever this maybe... I'm sorry but this one I have to wish for that person to really suffer.
 
Upvote 0
Our laptops, mobile phones, tablets, even the brand new computer ( Just the CPU, which my son built by buying components from various buyers and assembled it together. It cost €600 ) and brand new samsung galaxy.
Tried back up and rebooting. Even deleting data completely. It says deleted and back to factory settings. But not true.
Why they are doing not known.
 

Attachments

  • Screenshots_2015-09-26-23-09-53.png
    Screenshots_2015-09-26-23-09-53.png
    1.2 MB · Views: 538
  • Screenshots_2015-09-26-23-09-53.png
    Screenshots_2015-09-26-23-09-53.png
    1.2 MB · Views: 409
Last edited:
Upvote 0
Our laptops, mobile phones, tablets, even the brand new computer ( Just the CPU, which my son built by buying components from various buyers and assembled it together. It cost €600 ) and brand new samsung galaxy.
Tried back up and rebooting. Even deleting data completely. It says deleted and back to factory settings. But not true.
Why they are doing not known.
Screenshots_2015-09-26-23-09-53.png
 
Upvote 0
Hello there @totalfreek and welcome to AF!
The Avatar bit is still a minor bug being worked out, so no worries there.
The "leaked back page" appears to be normal....same thing I get when I do the same "permalink" thing;)

As far as your screenshot here:
not sure what you mean by "empty space".....what do you expect to be there?
 
Upvote 0
-snipped-
Be ashamed for trying to blatently scam innocent forum users just to make a quick buck.

No one can "hack" email passwords, let's not be a fool. You can crack them, but it's sure as hell nowhere near cracking.
You can't hack a social network, I'll give an example of one.
FaceBook; This guy, with absolute 0 reputation, will ask you to send him money to "hack" a social networking site. He'll never respond to you again once that money is sent; Hell, as far as we're concerned this guy can be you. You've only joined today.

Did you just say they can hack ANY OS...? Kali Linux..?
Clear criminal records? You've got to be kidding.
Change university grades? That's impossible.
Bank transfers? Alright, I'm reporting this post.
 
Upvote 0
Be ashamed for trying to blatently scam innocent forum users just to make a quick buck.

No one can "hack" email passwords, let's not be a fool. You can crack them, but it's sure as hell nowhere near cracking.
You can't hack a social network, I'll give an example of one.
FaceBook; This guy, with absolute 0 reputation, will ask you to send him money to "hack" a social networking site. He'll never respond to you again once that money is sent; Hell, as far as we're concerned this guy can be you. You've only joined today.

Did you just say they can hack ANY OS...? Kali Linux..?
Clear criminal records? You've got to be kidding.
Change university grades? That's impossible.
Bank transfers? Alright, I'm reporting this post.
all gone :)
 
Upvote 0
I need help in trying to figure out if my phone has sometime of spyware or could be possibly cloned. I have a Samsung Epic 4g with Sprint. Finally after months and months of trying to get Sprint to help me they are now involved because of my complaint with the FCC but still they are a little dumbfounded at the moment with what is going on with the phone. Below are a list of events with the phone:

1) The day I purchased the phone with was in the possession of a coworker and fellow Sprint customer/Android user/and self proclaimed hacker. He had the phone for at least 30 minutes while 'checking it out'. He said he did download an app to it that I needed but I do not remember what it was.

2) The following day my new phone sent out just over 300 text messages in a span of a bout 5 minutes. These text messages were actual text messages that had been sent weeks and months earlier off of my previous phone (Samsung Reclaim) and obviously not my new phone that I had less then 24 hours. The text messages sent were to only two specific people. Meaning the phone didn't sent out any other text conversations I had on the previous phone to other contacts.

3) Three weeks later my phone was 'stolen' and three weeks after it was stolen and I already had a replacement the phone the stolen Epic miraciously reappeared at the bar it was stolen at.

4) My coworker that had the Epic on the day I purchased it wanted to buy my replacement phone. I gave him the replacement phone and kept my original Epic. When I gave him the replacement Epic I mistakenly gave him the box of the original Epic that I kept. I also gave him my sprint.com username and password thinking he would need it to get service into his name.

5) Three days after I gave the replacement Epic to the 'friend'/coworker I started getting text messages from a number I did not recognize and the person would always claim to be 'me' when I asked who they are.

6) My MSN email had been hacked and this had been an ongoing problem even before I bought the Epic. I removed the MSN email account from my Epic phone and still have numerous Sprint IP addresses hacking my MSN email account.

7) When I would try to reset my password online with MSN and use the text option to send me a reset link to my cell number I would never get the text message

8) Numerous people have claimed they have never got voicemail messages that I have left for them

9) People have claimed to have sent me text messages and I have never received them.

10) I have text messages that have been sent to my phone but they say 'default message' and when Sprint sent me the text detail these text messages do not even appear on the the documentation from Sprint.

11) One individual sent me a text claiming he was responding to my text but I did not sent him one. He was a coworker as well. Some other people are now saying that certain text messages that I have from them they never sent.

12) I downloaded a rootcheck on the phone and it said my phone did not have a root installed but Busybox was loaded on the phone.

13) Some people have reported that they call me and the phone just rings and rings and voicemail does not pick up. I also do not have anything in my call log showing any calls.

14) When the phone is off and I call it it does not go straight to voicemail but rings numerous times and will go to VM

15) I have received text messages from foreign countries trying to advertise something

16) There have been times the phone will go off network and say something like 'no network attached to this phone' even though I have another Sprint Samsung Intercept and the phones will be side by side and that phone works fine.

17) I have had phone numbers added to my contacts list and numbers added to other contacts information.

18) When I confronted the coworker about it he responded to a text message before I sent it; when I rcvd the text detail for that exchange of texts that particular text was a completely different number then his regular Sprint number yet in my phone it is his regular number

19) When I got on my lookout.com account his (coworker that has the replacement Epic) cell phone number was on the account even though he claimed he did a factory reset after I gave him the replacement Epic. I never used Lookout though and was just checking it one day online even though I had never added it to my Epic but it was on the replacement Epic before I gave it to the coworker.

20) My settings have been changed; ringtones changed to silent and alarms disabled to name a few. Also my system time has been changed; I had already set it to default to the regular time but the time had been manually adjusted to be about 3 minutes off.

21) I had a phone call from an unavailable number claiming to be the NSA and that my phone number and IP address were linked to accessing level 3 government documents on wikileaks. It was an automated message and assume it is someone harassing me.

22) Calls that I have actually made are missing from my Sprint bill

I hope this is enough information to give me an idea as to what I am dealing with. The police are involved but so far they are reluctant to do any forensic investigation or even help me. I have also had several break ins to my home; nothing taken but just my computer accessed. To the point nude photos of myself have been emailed off my personal email account. This stalking has been going on for months and I want the responsible individuals brought to justice.

Thank you
 
Upvote 0
using a good file editer i was able to find clone file.problem is it is attached to email and everything i type is logged.clearing phone alone will not do it.i replaced mine and it was back.need to replace email and change all passwords but not from your infected devise.the monent i went to email with new phone it had clon
 
Upvote 0
Mellark hasn't been back since their last post to this thread in 2011, so I doubt you'll get an answer there.

But let's be honest, "spyware" and "cloning" are entirely different things. How easy it is to tell whether you have spyware installed will depend on the spyware, it's unlikely there will be a general, one-size-fits-all answer. But unless you let other people access your phone how is the spyware going to get installed?

As for cloning, that term means altering the IMEI or MEID of a phone to match yours; it doesn't give the cloner magic access to data on your phone, and on a GSM network wouldn't give them access to your service (I don't know about CDMA - as only a few countries have CDMA networks I've no experience of them). What it does do is let a blacklisted phone work again for a period until it is detected and your IMEI was blacklisted as well (which sucks for you). This is one reason you don't post your IMEI in a forum - you don't know who is reading it. I might add that in many countries, including the UK where I am, it is a criminal offence to alter the IMEI (well-designed hardware wouldn't let you do this at all, since there is no legitimate reason for it).
 
  • Like
Reactions: ocnbrze and MrJavi
Upvote 0
The next person that says, "Factory Data Reset".... like, seriously? That only works when you're dealing with idiot hackers. Real hackers will get your IP address, device info, phone number, work in groups and teams of other hackers, set up strategies and schemes, have ground workers, work with gangs, and remotely change the code in your root folders so when you do a factory data reset it just re-installs their hacked versions of your original software. You gotta literally open apps, scripts, java, dot files, etc and read them line by line. Have a secure computer, unhacked phone that you've never called or had contact with because the viruses are spreading to all your contacts, so you can do authentic checksums. These hacker apps are running on autopilot at this point, spreading to everyone in the country. They use powerful hacking software like Armitage to manage thousands of accounts. As the apps gather the necessary info, they get notifications and steal your money or just screw with people for fun. Most of them are meth heads and gang bangers who don't even know what they're doing. But they recruit/know programmers and real hackers who do the hard work.

All of this is possible, and happens without you seeing a thing..unless you are very careful to pay attention to the smallest details and glitches. I've been dealing with it for over a year. My phone was hijacked, money stolen, lost my car and my house. Literally they destroyed my life, as far they think. But I have Christ, so they haven't even phased me. After a year of study, I know for a fact it's hackers. Let me just drop some clues here, and get the conversation going:

1. Sim Jacking
2. Silent Pinging (SMS, etc) they can gather your info without you ever even getting a notification. The whole hack process can happen silently. They can wake your phone, and install all the payloads in just a few minutes while you sleep, or even while you are wide awake and using your phone and you would never know it.
3. OTA updates installing payload
4. Termux
5. Armitage
6. SET (Social Engineering Tool)
8. ADB/Fastboot/Android Shell
9. MetaSploit
10. cSploit
11. VPN crackers
12. Middle-Man Attacks
13. NFC, Low Energy Bluetooth, WiFi, and every other cool connection your phone can make are all open doors for Linux Command Line Hacks
14. Code Injection
15. Event Triggers
16. RAT (Remote Access Tools)
17. TOR, Dark Web
18. Installation dates on brand new phones showing 1970 or 2008.
19. Phone calls, photos, links, texts, can all have embedded code.

The list goes on and on. If a hacker has become fascinated with you, they can gaslight you to bits and make you feel crazy. You're not alone. I just am starting an effort to fight back. The more I learn, the closer I am to defending myself and putting these people in prison. Some people are just evil, and will collect your personal info and post it on websites and forum communities as challenges or revenge. You could have 100 people all taking turns attacking you, sharing information and working together to hack and gaslight you. Some people are evil, with no real motive other than that. It doesn't have to make sense. Inherently, evil people are illogical and don't make sense. Put your faith in Christ, study alot and keep swinging. That's what I've been doing for a year. I'm at the point now that I could hack someone easily, but STILL haven't stopped the people involved hacking me.
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones