malware – How can I recover my exploited Android phone?

I have a Samsung S9 phone that has been exploited by my neighbor, however, I'm not sure how to test / verify it, how deep is the access to my phone or how can I protect my phone again.

It seems they have access to everything on my phone. They also spoke to me a couple of times through the speaker of my phone as if the phone had an ongoing call on the speaker, but there was no indication of it on the phone.

They have also been able to follow where I am using my cell phone. I discarded being tracked through location data in a Google account by deleting all Google accounts from my phone.

I scanned for viruses and malware and on the phone using Kaspersky Endpoint Security and discovered a malicious .apk that was detected as a Trojan virus (HEUR.RiskTool). I guess this is not a false positive because there is absolutely no information available online.

Virus detection KasperSky Endpoint Security

First I tried to delete it / quarantine it using Kaspersky Endpoint SecurityHowever, I received the following errors:

"File quarantine failed: the file is in use or the permission to delete the file
He is lost"

"The file can not be deleted: the file is in use or the permission to delete the file is
missing"

I tried to delete the file manually, however, the phone is not rooted, so I did not have the necessary permissions to do so.

Then I tried to restart the phone in safe mode and disable .apk in the list of applications, however, it was not present in the list of applications.

Then I tried to remove the .apk by resetting the factory phone, however, the .apk is still present after the factory reset. After that I thought it could be due to a custom ROM on my phone.

I tried to make the phone's partitions return to the factory default, but I could not do it since the phone was not rooted. I thought that they could possibly de-root my phone, install a custom ROM and then lock the phone again, but I'm not sure how to verify it. Is this possible?

I checked the current compilation number on my phone, and it seems to be the correct current build: R16NW.G960USQS3ARIB

enter the description of the image here

Any information that helps me understand, backtrack and / or eliminate this would be much appreciated …

  • How did I get there if I do not have root access and did not download the .apk file directly? Is it possible to have a virus installed on the phone through wifi or bluetooth without my knowing what happened?

  • How can I trace where it comes from?

  • How can I verify the permissions of the malicious .apk to see what it has access to in my phone if the .apk does not appear in the list of applications, even in safe mode?

  • How can I identify if a custom ROM has been installed on my phone that allows remote access to my phone?

  • Is it possible that the phone has been rooted, and then blocked after installing the apk / custom rom to prevent it from being deleted?

  • Is there any way to flash the partitions on the phone back to the factory defaults to remove the malicious .apk even if I do not have root access? All the methods I could find required access to the root of the phone to flash anything again.