I've had exact same issues as everyone here for many years, down to same file names & apps. I do not believe this is limited to Samsung phones (they and ZTE's just seem to be extremely open to attack); I've had similar experiences to varying degrees on
Device:
Samsung S6
LG Stylus
ZTE Blaze
Motorola G7 Power
Alcatel Tablet
Carrier:
Verizon, Cricket, MetroPCS,
T-mobile


I've researched issue thoroughly, finding no permanent method of resolution or prevention. So far, replacing all devices in question does provide temporary relief (when done correctly), but problem returns within 6 months.
I now know what to watch for and have streamlined & automated switching to & setting up new devices as needed.


There IS a few steps you can take to:
Alert to device being compromised & info accessed or attempted to be accessed,
Minimize scope of intrusion,
Minimize data & info able to be accessed by hack,
Monitor tower (notified of connection to 'Unknown Cell Tower') & react to Network Connection Changes (disconnect from false tower & reconnect),
Hide your cell number, imsi, SN, etc to temporarily prevent/delay re-hack/new intrusion),
Immediately check any suspicious file, apk, IP, url, domain or file hash to find associated source, IP, callouts, url's, app, file & apk package content, etc.
Streamline & secure mobile device backup and replacement device setup/restore process


While I do not believe there is ultimately any method of prevention or resolution if one is truly experiencing a hack at this level, there are methods/tools that can reduce frustration, feeling powerless & violated and to at least prolong device replacement.
Anyone interested can message me directly here for
specifics.