• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

S8 Hacked

jackslimgr

Lurker
Unfortunately my samsung has been hacked. A long with my google account. And its been rooted even though i never did that. Please help
 
You should not be able to remotely root an S8. Did you buy it new from a reputable source?

The account is the big problem. You need to secure that, and obviously not using a compromised phone to do so. I'd use a computer that you know is clean to secure the account: charge password, enable two-factor authentication (do not use the phone for authentication either - you can change this later) and remove access from any devices you don't recognise. Do this for Google and Samsung accounts (if Samsung account has such features - I've never created one even for my Samsung tablet).

As for the phone, disconnect from data and WiFi. Back up anything important (contacts, photos), remove the Google account from the phone, factory reset it and then reflash the firmware (which you need a computer for, with software called Smart Switch or Odin - I'm not a Samsung expert so can't talk through this). You can find the official firmware at Sammobile.com - you'll need the full model number, not just "S8". A firmware flash will overwrite the system partition and thereby remove anything that's installed there (important if it's rooted as a factory reset won't do anything to the system). Removing the Google account first is to stop you being locked out by factory reset protection.

If the phone has been hacked I'd be wary of reinstalling apps from a backup.

Of course this all assumes you have been hacked - I say this because we do see people who assume that anything they don't expect must be either a hack or malware, when it often is not. So if you'd like to check do tell us why you believe you have been hacked?
 
You should not be able to remotely root an S8. Did you buy it new from a reputable source?

The account is the big problem. You need to secure that, and obviously not using a compromised phone to do so. I'd use a computer that you know is clean to secure the account: charge password, enable two-factor authentication (do not use the phone for authentication either - you can change this later) and remove access from any devices you don't recognise. Do this for Google and Samsung accounts (if Samsung account has such features - I've never created one even for my Samsung tablet).

As for the phone, disconnect from data and WiFi. Back up anything important (contacts, photos), remove the Google account from the phone, factory reset it and then reflash the firmware (which you need a computer for, with software called Smart Switch or Odin - I'm not a Samsung expert so can't talk through this). You can find the official firmware at Sammobile.com - you'll need the full model number, not just 'S8'. A firmware flash will overwrite the system partition and thereby remove anything that's installed there (important if it's rooted as a factory reset won't do anything to the system). Removing the Google account first is to stop you being locked out by factory reset protection.

If the phone has been hacked I'd be wary of reinstalling apps from a backup.

Of course this all assumes you have been hacked - I say this because we do see people who assume that anything they don't expect must be either a hack or malware, when it often is not. So if you'd like to check do tell us why you believe you have been hacked?

Hello thanks for getting back to me. For the wifi i found that there was numorous off admin accounts setting in that. Anytime i factory reset my modem it would automatically confg back to the setting that the weblink set. As for my cell phone i found that a alcatel phone had rooted my cell phone somehow. With that also i found a lot of codes being entered from github that i was unaware of
 
Hello thanks for getting back to me. For the wifi i found that there was numorous off admin accounts setting in that. Anytime i factory reset my modem it would automatically confg back to the setting that the weblink set. As for my cell phone i found that a alcatel phone had rooted my cell phone somehow. With that also i found a lot of codes being entered from github that i was unaware of

So to remedy this i downloaded malware which helped for a small time until they got through that. Then i downloaded exstentions to stop them which also worked for a short time then stopped working. When i downloaded this certain exstention it told me how many cache that were trying to get through it was about 6 to 700 or so. Also it had anti track and showed me how many tracking codes were trying to get through it was quite a lot
 
TBH I have doubts that another phone rooted your phone. Rooting does not work that way. Especially on a Samsung device that had Knox.

How do you know this for sure?
 
Last edited:
TBH I have doubts that another phone rooted your phone. Rooting does not work that way. Especially on a Samsung device that had Knox.

How do toy know this for sure?

Because thats what the software said and what my security provider had to say. Well at least thats where the root codes are coming from that dont allow me to use my settings system function
 
A router hack is unusual indeed unless you have a particularly weak router (I assume when you talk about resetting your "modem" you mean a router). Do you have other devices on your network which might be compromised? Actually are you sure your router isn't working normally? Remember that we only know what you write, so if you refer to things like "the weblink" with no explanation that means nothing to anyone else.

And yeah, I share the scepticism about "an alcatel phone rooting your phone". But I don't suppose that matters - you want to clear your entire system as well as secure your accounts. I'd just like to understand better what actually is compromised.
 
You just need a brand new Gmail account with a brand new strong password. Created on a pc, not a mobile device. Then take this phone to your carrier and explain your situation. They may give you a new sim card. It may take 48 hours for the new creditials to take effect
 
A router hack is unusual indeed unless you have a particularly weak router (I assume when you talk about resetting your 'modem' you mean a router). Do you have other devices on your network which might be compromised? Actually are you sure your router isn't working normally? Remember that we only know what you write, so if you refer to things like 'the weblink' with no explanation that means nothing to anyone else.

And yeah, I share the scepticism about 'an alcatel phone rooting your phone'. But I don't suppose that matters - you want to clear your entire system as well as secure your accounts. I'd just like to understand better what actually is compromised.

I understand where you are coming from. Im sure it shows someone is using peplink and pepwave and ruckus wireless to log into my router. It is auto confg to them so that when i reset my router and gain access to the admin page the minute i try to do something it will automatically set back to what that admin configured it to. With my phone and accounts i know that my gmail has been compromised and my outlook email account. My gmail is attached to my phone which i think is how they gained access to my phone system. I know that they have used hacking codes from an online forum called github which has a how to configure everything. Also the same with my outlook email account instead though they have used azure to control my outlook account with the codes from github online forum i can get some photos to show you. When i try and delete my account for azure which is attached to my outlook email it wont allow me and i need certain codes to gain access to delete it.
 
In the first one for my outlook email login it is this online forum that isnt allowing me to delete anything. And in the second one those are the admins who are not supposed to be there. They are not my network provider either.
 

Attachments

  • Screenshot_20190522-193331_Samsung Internet.jpg
    Screenshot_20190522-193331_Samsung Internet.jpg
    85 KB · Views: 213
  • Screenshot_20190522-092614_Samsung Internet.jpg
    Screenshot_20190522-092614_Samsung Internet.jpg
    144.3 KB · Views: 475
Back
Top Bottom