
You think you are being monitored? Don't panic! You can reach us at 0221 64306610.
Tell us what you suspect!
Mobile Threat & Malware Check

Do you have any questions? Or a specific suspicion?
Smartphone check for spyware, stalkerware and malware
If there is a suspicion that an iPhone or Android device has been compromised, one thing counts above all: a quick, comprehensible assessment. We test mobile devices using the latest technology and document the results in a structured manner - for authorities, companies and private individuals.
Briefly explained: What do we check?
We check smartphones for typical warning signs and technical traces that may indicate surveillance, malware or unauthorised data leakage. Depending on the case, we combine several approaches: artefact-based and IOC-based checks (IOC: Indicators of Compromise), network/communication analyses and supplementary malware checks.
Compromise check
Recognising indications of spyware, stalkerware or malware - traceable and documented.
IOC/signature-based analysis
Comparison with known indicators (e.g. from MVT-compatible sources) to recognise typical attack patterns.
YARA-based malware search
Additional check with YARA rules and other procedures to identify suspicious files/artefacts.
Data traffic & outflow risks
Evaluation of conspicuous communication and possible data outflows, depending on the investigation scenario.
Report & recommendation for action
Comprehensible summary, technical evidence and concrete recommendations for further action.
Technology & methodology - current state of the art
We demonstrably use modern processes and tools and continuously update our methodology. The specific tools and steps used depend on the order, the device (iOS/Android), the version, the availability of data and the legal basis.
Examples of technology used (selection):
- Mobile threat detection systems (including M3-PRO from MEFF Production) for structured checks and reporting.
- MVT-compatible IOC tests (Mobile Verification Toolkit) with documented indicators, as published by Amnesty International and research teams, among others.
- YARA-based detection: matching against rules/signatures to identify known malware patterns (together with other forensic checking mechanisms).
- Network/communication analysis to detect conspicuous connections, domains or server destinations.
- Supplementary forensic tools for validation, plausibility checks and documentation (depending on the case).
Note on the interpretation of results: Sophisticated spyware is designed to minimise traces. A professional test therefore provides either reliable evidence or a well-founded all-clear with clearly documented limits of the statement.
Areas of application (target group modules)
Authorities
- Preliminary technical check in the event of suspected targeted surveillance or spyware.
- Prioritisation of cases through comprehensible indicators.
- Documentation for files and internal processes.
Companies
- Incident response: Check whether a mobile device is part of a security incident.
- Protection of sensitive roles (e.g. management, administrators, HR, sales).
- Reportable results for IT, management, compliance and data protection.
Private individuals
- Clarification in the event of suspected stalkerware or unauthorised monitoring.
- Assessment of conspicuous symptoms and account/communication anomalies.
- Specific recommendations for protection (accounts, device setup, recovery plan).
Procedure of the test (step-by-step)
- Initial admission: Brief description of the suspicion, device type, urgency, objective of the inspection.
- Selection of the method: Determination of the appropriate check strategy (e.g. IOC/artefact check, traffic analysis, additional malware checks).
- Technical analysis: Performing the test using the latest technology and documented methodology.
- Findings & evaluation: Classification of the results: indications, risk assessment, limits of the statement.
- Report & recommendations: Structured report with clear summary and action plan.
Confidentiality and data protection
Depending on the case, the test may generate technical device data that is required for analysis.
We treat all information confidentially, work for a specific purpose and document the results in a comprehensible manner.
A check is only carried out with the authorisation/consent of the authorised body.
Details on data processing can be regulated in the privacy policy or in the order document.
F.A.Q.
What exactly is checked?
We check iOS and Android devices for signs of compromise. This includes IOC/signature matching, artefact checks, evaluation of conspicuous communication and - depending on the case - additional malware checks (e.g. YARA-based).
Do you have to read out all private content?
No. We work as data-efficiently as possible. Which data is technically required depends on the device and the test objective. We coordinate the procedure in advance and document which data types are included in the analysis.
Can spyware always be reliably detected?
Not always. Sophisticated spyware tries to avoid traces. A professional check provides either reliable evidence or a well-founded all-clear with clearly documented limits.
Will I receive a report?
Yes, you will receive a comprehensible summary, the most important technical evidence and specific recommendations for action. On request, we can prepare the results in such a way that they can also be used in official or internal procedures.
What happens when clues are found?
We then recommend a suitable procedure, e.g. account hardening, closing compromised accesses, controlled reinstallation and - if necessary - further forensic measures.