A good article documenting the need to review phone bills in detail each month:
Mobile Security – How can you tell your phone is infected?
QUOTE: On a PC the signs are pretty obvious. Your computer slows to a near-screeching halt, your browser re-directs you to random websites, your friends are suddenly calling asking about your career change to become a Viagra distributor (since your email has probably been hacked). Your IT guy can often tell by looking at your process names, as malware authors might name their malicious process ‘svchsot.exe’ to look like a legit one ‘svhost.exe’ (see what I did there?).
Harder To Tell On a Phone — According to Kaspersky malware researcher Tim Armstrong, users usually don’t discover something’s wrong until they look at their phone bills and don’t recognize the numbers of text message recipients. Premium rate SMS Trojans are the most common type of mobile malware. This malware disguises itself in a legit-looking app, and secretly sends SMS short codes that bill the caller. Nor will an average user really be able to tell by checking app permissions. Android developers can choose from dozens of permissions, and as Armstrong notes, it’s often impossible to guess which are legitimate and which are warning signs.