It's part of a nasty malware. Recently update your os? That update didn't come from your carrier. It exploits a vulnerability in the Samsung keyboard to gradually take complete control of your phone through privilege escalation.
Anti-virus can't detect it. You can kinda see what's going on with some different app analyze apps. Look at permissions, manifests, double system apps, multiple phone apps.
This trojan probably came from a completely safe pstore app that got your network info. They crack your network and have remote access to everything.
It can see and hear you at all times. It can extrapolate what you're typing on a pc, even if it's in your pocket. It gets all your account passwords and uses them to create a multitude of new accounts for mass spam and fraud. It bounces spams and fraud and exploits off your contacts devices. It displays false info that your WiFi or bt is off, when it's on. It grabs your fingerprint auth with a fake display and then uses it to auth you. It can communicate in numerous ways most of us don't know our phones can connect, and it'll happen when you have turned of your connection, airplane mode, turned off.
The task of fully removing this once embedded is expensive and tricky. Factory reset is useless. Flashing new firmware is useless. There's a convoluted series of technical actions that might remove the RAT, beyond my skill set. Then, your whole network, other devices, accounts, backup accounts, etc are tunnels to reinfect your clean or new device. And, it's not clear to the uninitiated how to clean all network devices and secure all passwords and auth without being logged and just going 'round in closing one door and opening another. If the guy on the other end is persistent, it could require extreme measures to fully rid yourself of it. Remember, your hacker has every aspect of your identity and knows you more intimately than anyone. I have read horror stories about similar intrusions that persisted despite best efforts. I was terrified and panicked when I discovered the spy. I hard reset as fast as my fingers could. It returned and I took it to Samsung where they "fixed" it. It returned and then I got curious. I examined every my phone does and the ironic thing is it's difficult to determine where stockware ends and malware begins. Manufacturers, carriers, accounts are tracking you in manifest language that is almost identical to the malware language. The practical difference is how your info is monetized.
