You’re scrolling through your feed and suddenly the screen flickers. Or maybe you notice a text message in your "sent" folder that you definitely didn't write. That sinking feeling in your gut? It’s usually right. Most people think a hacked phone looks like a movie—scrolling green code and a skull icon—but in reality, it’s much quieter. It's a battery that dies in three hours for no reason. It's your Instagram account following random bot profiles. If you’re wondering what to do if your phone has been hacked, you need to stop panicking and start moving. Speed is everything here.
Honestly, the moment you suspect something is off, your phone shouldn't even be connected to the internet. Hackers rely on a live connection to exfiltrate your photos, messages, and bank details. If you cut the cord, you cut their hands off.
Spotting the invisible: How do you actually know?
It’s rarely a single "gotcha" moment. Instead, look for a cluster of weirdness. Is your phone running hot enough to fry an egg while it’s just sitting on the nightstand? That’s often a sign of malicious background processes or "cryptojacking" scripts running your processor ragged.
Check your data usage. If you see that "Calculator" or some random "Battery Saver" app has uploaded 4GB of data in the last week, you've got a problem. Real apps don't do that. Malware does. You might also see "System Updates" that look slightly off—maybe the font is wrong or the grammar is sketchy. Cybersecurity firm Kaspersky has documented numerous cases where mobile trojans masquerade as legitimate system tools to trick users into granting deep permissions.
Then there are the "Ghost touches." This is when your phone starts opening apps or typing on its own. While this can sometimes be a hardware failure (like a bad digitizer), it’s also a classic symptom of remote access tools (RATs). If someone is remotely controlling your device, they are literally using your screen while you watch.
What to do if your phone has been hacked right now
First thing. Disconnect. Turn off the Wi-Fi. Toggle Airplane Mode. If you can, just power the whole thing down. This buys you thinking time.
Now, grab a different, clean device—a laptop or a friend's phone—and start changing your passwords. Not just the phone passcode. Your primary email is the "Keys to the Kingdom." If a hacker has your Gmail or iCloud password, they can reset every other account you own. Change your banking passwords. Enable Two-Factor Authentication (2FA), but here’s the kicker: do not use SMS-based 2FA. If your phone is compromised, the hacker can see your incoming texts. Use an authenticator app like Google Authenticator or Authy on a different device, or use physical security keys like a YubiKey.
Scour your app list
Once you turn the phone back on (keep the data off for now), go to your settings. Look for apps you don't recognize. Hackers love to hide malware under names like "Sync" or "System Service" or "Weather."
On Android, check "Install unknown apps" in the settings. If you see something there that has permission to install other software, revoke it immediately. For iPhone users, it’s a bit harder because iOS is more locked down, but check your "Profiles & Device Management." If there’s a configuration profile there you didn't manually install for work or a specific VPN, delete it. That profile is often how "stalkerware" manages to bypass Apple's security.
The nuclear option: When to factory reset
Sometimes, you can't just delete an app and call it a day. Sophisticated malware can bury itself deep in the operating system. If you’ve seen unauthorized bank transfers or your private photos are being leaked, you need to go nuclear.
A factory reset is the only way to be 100% sure. But wait. Don't just hit "Reset" and then restore from your last backup. If you restore from a backup made while the phone was hacked, you’re just inviting the virus back into the house. You have to set it up as a "New Device." It sucks. You’ll lose your message history and some app data. But it's better than having a Russian bot farm living in your pocket.
According to Norton, many modern mobile threats survive simple reboots. They persist. A full wipe clears the cache, the system partition, and the user data where these scripts hide.
The SIM Swap: A different kind of nightmare
Sometimes the "hack" isn't even on your phone. If your phone suddenly says "No Service" or "SOS Only" in an area where you usually have five bars, you might be a victim of a SIM swap.
This is where a criminal calls your carrier (Verizon, AT&T, T-Mobile), pretends to be you, and convinces them to port your phone number to a new SIM card in their phone. Suddenly, all your calls and 2FA texts go to them. They don't need to "hack" your device software because they've stolen your identity at the network level.
✨ Don't miss: Finding a 15 inch laptop sleeve that actually fits your bag (and your life)
If this happens:
- Call your carrier from a different phone immediately.
- Tell them you are a victim of fraud.
- Ask them to "Port Lock" your account.
- Call your bank. Now.
Beyond the device: Cleaning up the digital trail
What most people get wrong about what do you do if your phone has been hacked is focusing only on the hardware. The phone is just the doorway. Once they're through, they've touched your whole life.
Check your "Logged in devices" on Google, Facebook, and Instagram. If you see a login from a city you've never been to, or a device model you don't own (like a "Linux" device or an old Android model), hit "Log Out" on all sessions.
You should also check your sent emails and your "Trash" folder. Hackers often set up "filters" in your email so that any messages from your bank are automatically deleted or forwarded to a different address. You won't even know your password was changed because the notification email never hit your inbox.
Practical steps to stay clean
Once you’ve recovered, you can’t go back to your old habits.
- Update everything. Those annoying "System Update" notifications? They usually contain security patches for "Zero-Day" vulnerabilities that hackers are currently exploiting.
- Stop using public Wi-Fi without a reputable VPN. "Free Airport WiFi" is a playground for "Man-in-the-Middle" attacks.
- Audit your permissions. Does that flashlight app really need access to your contacts and your microphone? No. It doesn't.
- Use a Password Manager. Stop using "Password123" for everything. Use something like Bitwarden or 1Password to generate unique, 20-character strings for every site.
- Check HaveIBeenPwned. This site, run by security researcher Troy Hunt, is the gold standard. Put in your email and see which data breaches you were caught in. If your email was leaked in the 2024 Ticketmaster breach or the older LinkedIn leaks, that’s likely how they got your password.
Moving forward with a "Clean" Phone
Recovery is a process. It’s not just a one-click fix. After you've reset your device and secured your accounts, monitor your credit report for a few months. Tools like Credit Karma or your banking app's built-in monitoring can alert you if someone tries to open a credit card in your name using the info they stole from your phone.
💡 You might also like: Why 2 wheels in front 1 in back is actually the superior way to ride
Honestly, the best defense is just being a little bit paranoid. If a link looks weird, don't click it. If an app asks for too much info, delete it. If your phone starts acting possessed, treat it like it is.
Next Actions for Recovery:
- Step 1: Enable a "SIM PIN" in your phone settings to prevent physical SIM theft.
- Step 2: Call your cellular provider and request a "Transfer Freeze" or "Port-Out Protection."
- Step 3: Review your Google or Apple "Purchases" to ensure no premium subscriptions were signed up for in the background.
- Step 4: Replace any saved credit cards in your mobile wallet (Apple Pay/Google Pay) if you suspect the device was accessed while unlocked.