Question

Phone hacked or cloned

  • 2 September 2024
  • 2 replies
  • 60 views

I have a second IMEI number on my phone and the phone has been acting strange/running slow, high battery drain.

I googled the symptoms and also found the second IMEI.

Who can I call within id if I suspect my phone/service has been cloned/hacked?

What can I do? 

Hi @Lee Waton,

Welcome to the Community!

I would advise contacting our Live Chat Team as soon as possible.

It may also be worth contacting the manufacturer to see if they can assist.

Kash


Define “acting strange”.

Extensive battery draw could be due to a large number of reasons. They all have something in common, however. The highest draws should be the processor crunching numbers, and the RF pushing data. The command “top” in a shell should list off all the running processes, sorted by their CPU consumption.

The second IMEI is to be expected if the phone supports more than one SIM. eSIM may count.

If your IMEI has been cloned, there’s nothing you can really do about this. It’s just a number. There are no protection mechanisms like authentication. You could rotate IMEI to another number, but that’s unlawful in most jurisdictions. The worst possible outcome from your IMEI being cloned is its entry into the database of internationally stolen/lost phones. You’d know pretty rapidly if this was the case as every provider would refuse to service the phone.

If your service has been cloned (and cloning the SIM is more likely, but even more doubtful. This is more the sort of thing you’d do to intercept 2FA text messages etc. You wouldn’t know from the cloned handset.) then ID should be able to identify the hostile handset and work from there. I seriously doubt this is the case.

The phone itself being compromised is the strongest possibility. It is after all a computer, and most users really don’t pay any attention to the software they allow to execute (this includes websites they visit that deliver payloads). Trying to determine this from a device compromised by a threat actor with even only a modest level of sophistication should be difficult. Once they have control over the device it’s possible they could hide their infection from it.

An even stronger possibility is *you* have installed things with little to no regard to what they are doing. I would advise to back up data you care about - things you readily can’t “just download again”, pictures etc. And then factory reset. This *should* remove anything you’ve done. Unless you’ve rooted the device, or allowed other software to do so, and unlocked its bootloader - you should remember doing this. State level threat actors with tools like Pegasus aside - then the system partition storing the restore image shouldn’t be accessible to the phone for a write action. It’s a “known good” quantity, use that.

Phones can be compromised, but without the ability to add themselves persistently they’ll exist in userspace. If the infection is installed, you should be able to uninstall it. Knowing the things you’ve installed would assist in identification of probable suspects. Otherwise, infections will be resident in RAM and a restart (as in, power off → power on) should ensure the contents of RAM have been cleared.


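Added example, not part of any post in this thread: the last reply suggests `top` for seeing which processes consume CPU, and this sketch filters a one-shot batch listing down to the heavy consumers. The sample output is constructed, the procps-style column names are an assumption, and `sample_top` and `cpu_hogs` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Constructed sample in the procps `top -b -n 1` column layout
# (an assumption; other top builds label or order their columns differently).
sample_top() {
cat <<'EOF'
top - 10:15:01 up 3 days,  2:11,  1 user,  load average: 1.92, 1.40, 1.10
Tasks:   5 total,   1 running,   4 sleeping,   0 stopped,   0 zombie

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 4312 u0_a151   20   0 1804512 212344  90112 R  61.3   5.4  92:10.44 com.example.flashlight
 1187 system    18  -2 2459120 310220 150300 S   9.8   7.9  14:02.10 system_server
 2260 u0_a77    20   0 1520040 180112  88020 S   4.1   4.6   3:15.72 com.example.mail
  901 root      20   0   12040   3100   2500 S   0.3   0.1   0:09.31 netd
    1 root      20   0   10880   2400   1900 S   0.0   0.1   0:02.05 init
EOF
}

# cpu_hogs MIN_PERCENT (hypothetical helper): reads top output on stdin and
# prints "%CPU PID USER TIME+ COMMAND" for rows at or above MIN_PERCENT,
# highest first. Columns are located by header name, not by fixed position.
cpu_hogs() {
  awk -v min="$1" '
    !found {
      pid = usr = cpu = tim = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "PID") pid = i
        else if ($i == "USER") usr = i
        else if ($i == "%CPU") cpu = i
        else if ($i == "TIME+") tim = i
      }
      if (pid && usr && cpu && tim) { found = 1; cmd = NF }
      next
    }
    NF >= cmd && $cpu + 0 >= min + 0 {
      name = $cmd
      for (i = cmd + 1; i <= NF; i++) name = name " " $i   # commands with spaces
      print $cpu, $pid, $usr, $tim, name
    }
    END { if (!found) print "cpu_hogs: no PID/USER/%CPU/TIME+ header found" > "/dev/stderr" }
  ' | sort -rn
}

sample_top | cpu_hogs 5
```

TIME+ is cumulative CPU time, so a process that is high in both columns has been busy for a while rather than only at the moment of the snapshot.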