PluginPhantom virus (Simple Removal Guide)

PluginPhantom virus Removal Guide

What is PluginPhantom virus?

How dangerous is PluginPhantom virus?

PluginPhantom virus is a Google Android Trojan that tries to steal personal data by using the DroidPlugin framework. It’s the first attempt to use this legitimate tool in the malware history. According to the malware researchers, this trojan might be an updated version of Android.Trojan.Ihide – the Android Trojan that has been detected in the middle of summer 2016. Both of them share the same certificate and package name; however, PluginPhantom malware is an updated version. It uses legitimate and popular Android app virtualization framework that allows evading static detection. DroidPlugin allows creating applications that can be loaded or modifying plugins not from the local device but the remote access as well. Till this day this tool has been used for legal purposes only, for example, using multiple accounts in various social media apps. However, in the hands of evil-minded developers, the usage of this tool became concerning and threatening. Malware not only tries to steal personal data from the affected device but also might work as a keylogger. Therefore, Android users should be afraid to lose pictures, contact lists, SMS Messages, location details, audio or video files, Wi-Fi information and even their banking or credit card information if they use Android device for business or shopping activities. In order to protect private details, it’s important to remove PluginPhantom as soon as it appears on the device.

After malware analysis, it is known that PluginPhantom virus includes nine plugins. Online plugin, Task plugin, and Update plugin are used for basic operations such as communicating with Command and Control server, updating, relaunching and operating other plugins. Other six plugins are responsible for various malicious actions: Contact plugin, File plugin, Camera plugin, File plugin, Wi-Fi plugin and Radio plugin. The names of the plugins suggest their purposes and target areas. For example, Contact plugin steals information related to contacts saved in SIM and device, call logs and SMS messages. The Camera plugin allows taking pictures or screenshots of the affected device. Wi-Fi plugin steals information related to system, device, installed applications, users’ data, etc. Using File plugin to scan the device and external media, and steal various personal information. Besides, Plugin Phantom malware might delete some files or download particular plugins. Malware is still under an investigation, and all its features are not known yet. However, if your tablet or smartphone got infected, you should not wait. It’s crucial initiate PluginPhantom removal to protect your privacy.

The picture of PluginPhantom virus

How can Android devices get infected with this malware?

Malware researchers are still analyzing this malware and its distribution techniques. At the moment we cannot tell exact ways how and then PluginPhantom hijack might occur. However, the malware didn’t make to sneak into Google Play, so there’s no need to worry about installing it from there. However, some popular navigation apps in China might be related to this malware. Researchers claim that Baidu Maps and Map Maps use collected and translated location data.

How to remove PluginPhantom virus?

For malware detection and PluginPhantom removal we recommend installing and scanning your Android device with one of these programs: BullGuard Mobile Security or Webroot SecureAnywhere AntiVirus. However, malware can prevent you from installing security tools, so in this case, you have to reboot your device into Safe Mode before launching preferred antivirus program.

  1. Press power button until you see a menu. Then, tap the Power off.
  2. You will see a dialog window where you will be offered to reboot your device to Safe Mode. Tap this option and then OK.

However, if these steps didn’t help you, turn off and turn on your device. When it becomes active, press and hold these three buttons together: Menu, Volume Down, Volume Up (or only Volume Down and Volume Up buttons). After a couple of seconds, you will see a dialog window offering reboot the device to the Safe Mode.

Additionally, you can try to remove Plugin Phantom manually, but you should do it very carefully. In the worst scenario, you might delete useful files or applications. However, manual removal requires uninstalling this malicious application by following these steps:

  1. Reboot your device into Safe Mode using one of the previously explained instructions.
  2. When your device is rebooted into Safe Mode, go to Settings and click on Apps (or Application manager).
  3. Then look for malicious apps and uninstall them.

If you are unlucky and none of these instructions work for you, you should reset your device’s factory settings by following these simple steps:

  1. Tap on the Settings icon.
  2. Select Privacy (or Personal) and Factory reset (different devices and Android versions can rename this section as Factory data, Backup & reset or similarly). If you want to protect data stored on the device, you should select Back up my data option.
  3. Then, tap Reset device to remove PluginPhantom from your smartphone or tablet.
do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

How to prevent from getting malware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Jake Doevan
Jake Doevan - Computer technology expert

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions