
Can't kill hacker's activity in android

Luna2018

Lurker
Aug 15, 2018
Hello,
My smartphone was hacked and I need help deleting the hacker's activity.

All my apps got all possible permissions to access my data (network, SD card, system, etc.). Some of my important files were deleted and destroyed by the hacker.

I can't block NFC and Wi-Fi. I have no Wi-Fi connection at home. But I see that NFC is running, all my apps are connected to Wi-Fi, and the phone is working very slowly.
I see that the phone made 5 calls during 30 min when it was turned off (!). I think my phone uses the hacker's Wi-Fi.

I see my phone's folders opening and can do nothing. The hacker often blocks the internet.

I performed FRP and installed the 4-file service firmware via Odin. No luck. Then I did FRP and installed TWRP, SuperSU, LineageOS v.14. During installation I cleaned Dalvik/ART Cache, Data, Internal Storage, System, Cache.
Also I skipped Google and Samsung verification. But also no luck. My smartphone was hacked after a few minutes, although I did it without a SIM card or Wi-Fi, using only a clean installation on a clean SD card.

I strongly need help and would greatly appreciate any advice! I think the virus is in the core.

-- where can I find and delete the extra superuser on my phone,
-- where can I find and delete dangerous app permissions added by the hacker,
-- where can I find and delete dangerous changes (apps, files, pieces of code) added by the hacker,
-- what extra actions can I perform to delete the hacker from my phone (except FRP and custom OS/firmware)?

Thank you!
 
Reactions: Vukan97
OK, the key line here is:
My smartphone was hacked after a few minutes, although I did it without a SIM card or Wi-Fi, using only a clean installation on a clean SD card.
If your phone has no internet connections (no WiFi, no cellular) then it cannot be hacked. NFC is irrelevant as it has a range of cm, so the hacker would have to be in the room with you to exploit that, and I assume that Bluetooth is also off. So the implication of this is that the reset never removed the malware in the first place. However, if you installed a custom ROM that should wipe the system partition, which is the thing that would survive a factory reset, so this is a puzzle (unless you restored or installed something you haven't mentioned).

Anyway, the cleanest thing you can do is flash a new set of stock firmware from Sammobile.com. This will overwrite everything. Obviously factory reset first.

The biggest hacking risk is a compromised Google account (possibly Samsung: I've never created one or used the Samsung store even on my Samsung tablet, but assume it could also provide a backdoor). So you need to secure that account (change its password, enable two-factor authentication). And use a device you know is secure to do this, not a compromised phone. The question is: how confident are you that your computer is clear?
 
Upvote 0
To be sure you're using a clean computer, download a Linux live image on your PC and burn it to a DVD (Mint is a good user-friendly one: linuxmint.com). Make sure you can boot from a DVD (check in BIOS/EFI) and secure the account using the browser on the live Linux. The reason that this is secure is that nothing is ever stored when you power the computer down. In effect, when you run from a DVD you're starting with a fresh OS every time.
Oh, if you want to save anything while running Linux from a DVD, you should be able to save to the computer's hard disk, or to a USB stick or external hard disk.
 
Reactions: Luna2018
Upvote 0
Thank you for your answers! I know that it looks strange, but I tried lots of actions before posting the topic here.
All smartphones and computers in our family were hacked. That's why I went to the library, asked the administrator to give me a computer, used a new SD card...
But after I installed LineageOS, my phone started using Wi-Fi with a "?" sign, my MAC address changed from mine to 02 00 00 00 00 00, and an NFC connection started running. All apps can manage the network connection, turn it off and on, use location, etc. I think the virus is in the core and is restored when I install firmware. My smartphone is a Samsung A5 2016. I see that it was not the library's Wi-Fi. I know it was the hacker's Wi-Fi, but how can I avoid it.... I will try stock firmware, but I think the virus is in the core and any firmware will restore it. But I will try again with a Live CD, thank you in advance for your answer! Can I ask how I can check for an extra superuser in the system files? I deleted permissions via LineageOS, but all apps still have them. It's unbelievable!
 
Upvote 0
Question for OP: how do you find your device's MAC address? Do you open a terminal on the phone and do an ifconfig?
A MAC address can be spoofed; this is a legitimate security technique which Lineage may be using. NFC has a range of centimetres, so it's not really a concern if it's active, apart from using a small amount of power. I'd expect su/superuser to be part of LineageOS. I'd suggest reflashing stock firmware.
 
Reactions: Luna2018 and Hadron
Upvote 0
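Added example, not part of the thread: the first octet of a MAC address tells whether it is vendor-assigned or locally administered (spoofed, randomized or a placeholder), which is the distinction the reply above relies on. The constant 02:00:00:00:00:00 is also the value Android 6.0 and later return to apps in place of the real hardware address; the other sample addresses used with this code are constructed.

```python
import re

# Constant that Android 6.0+ returns from WifiInfo.getMacAddress() to apps
# instead of the real hardware address.
ANDROID_PLACEHOLDER = bytes.fromhex("020000000000")


def parse_mac(text):
    """Accept 'aa:bb:..', 'aa-bb-..', 'aa bb ..' or 12 bare hex digits."""
    digits = re.sub(r"[\s:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def classify_mac(text):
    """Decode the two flag bits in the first octet of a MAC address."""
    mac = parse_mac(text)
    first = mac[0]
    local = bool(first & 0x02)   # bit 1: locally administered (set in software)
    group = bool(first & 0x01)   # bit 0: multicast/group address
    return {
        "mac": ":".join(f"{b:02x}" for b in mac),
        "multicast": group,
        "locally_administered": local,
        # The first three octets identify a vendor only when the address
        # is universally administered.
        "oui": None if local else ":".join(f"{b:02x}" for b in mac[:3]),
        "android_placeholder": mac == ANDROID_PLACEHOLDER,
    }


def explain(text):
    """One-line reading of what the address can and cannot tell you."""
    info = classify_mac(text)
    if info["android_placeholder"]:
        return "placeholder: the OS is hiding the real hardware address"
    if info["multicast"]:
        return "group address: not valid as a device's own MAC"
    if info["locally_administered"]:
        return "locally administered: set by software (randomized or spoofed)"
    return "universally administered: vendor-assigned, OUI " + info["oui"]


if __name__ == "__main__":
    # First value is the one quoted in the thread; the rest are constructed.
    for sample in ["02 00 00 00 00 00", "DA:A1:19:00:11:22", "3C:5A:B4:01:02:03"]:
        print(sample, "->", explain(sample))
```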
Thank you for the answers! It's incredibly useful for me. Davdi, I found the MAC address here: Settings - Wi-Fi - MAC address. 02:00:00:00:00:00. (Also I set "Keep Wi-Fi on during sleep" to "Never".)
My phone connected to Wi-Fi with "?" and my cellular network stopped. I did a network settings reset and my cellular network started working again. And I do this many times per day. Also I can't turn off the public network notification. All my family members can make a call only on the 2nd or 3rd attempt (we have different providers).
I understand I need to reflash again. Can you tell me what I should choose:

- full stock firmware.
Hadron, you mean the 4-file firmware with a PIT file? But where should I get it? On Sammobile.com I found only a 1-file firmware for the Samsung J3 2016 (it's my mother's phone; I decided to start with a simple phone with a removable battery, it is also hacked).

- You told me about the Live CD in Linux. Can you tell me how I can use Odin with a Linux Live CD, or should I use another flashing tool? Can I use the internet and save files on a micro SD in the Live CD?
I said that some panels in LineageOS are frozen (NFC and Public Wi-Fi), but they worked the first time. How can I restore their activity again? And restore panels that have disappeared from the system (sometimes this happens)?

- in core. Unfortunately, I am not familiar with Android. I mean the part of the system that is more powerful than the firmware.

- How can I change system app permissions programmatically and save the results in the Android system? Here I found a topic: https://androidforums.com/threads/how-to-make-an-app-to-change-settings.1284259/.
Do you think Tasker is a good choice for this? Can I edit the manifest file with Tasker and save the results straight into the system apps on the phone?

- How can I turn off NFC, GPS and Wi-Fi programmatically, and make them completely unavailable on my phone?

Sorry for lots of questions. Thank you in advance!
 
Upvote 0
