Severity scale:  
  (95/100)

PluginPhantom virus. How to remove? (Uninstall guide)

removal by Jake Doevan - - | Type: Malware
12

How dangerous is PluginPhantom virus?

PluginPhantom virus is a Google Android Trojan that tries to steal personal data by using the DroidPlugin framework. It’s the first attempt to use this legitimate tool in the malware history. According to the malware researchers, this trojan might be an updated version of Android.Trojan.Ihide – the Android Trojan that has been detected in the middle of summer 2016. Both of them share the same certificate and package name; however, PluginPhantom malware is an updated version. It uses legitimate and popular Android app virtualization framework that allows evading static detection. DroidPlugin allows creating applications that can be loaded or modifying plugins not from the local device but the remote access as well. Till this day this tool has been used for legal purposes only, for example, using multiple accounts in various social media apps. However, in the hands of evil-minded developers, the usage of this tool became concerning and threatening. Malware not only tries to steal personal data from the affected device but also might work as a keylogger. Therefore, Android users should be afraid to lose pictures, contact lists, SMS Messages, location details, audio or video files, Wi-Fi information and even their banking or credit card information if they use Android device for business or shopping activities. In order to protect private details, it’s important to remove PluginPhantom as soon as it appears on the device.

After malware analysis, it is known that PluginPhantom virus includes nine plugins. Online plugin, Task plugin, and Update plugin are used for basic operations such as communicating with Command and Control server, updating, relaunching and operating other plugins. Other six plugins are responsible for various malicious actions: Contact plugin, File plugin, Camera plugin, File plugin, Wi-Fi plugin and Radio plugin. The names of the plugins suggest their purposes and target areas. For example, Contact plugin steals information related to contacts saved in SIM and device, call logs and SMS messages. The Camera plugin allows taking pictures or screenshots of the affected device. Wi-Fi plugin steals information related to system, device, installed applications, users’ data, etc. Using File plugin to scan the device and external media, and steal various personal information. Besides, Plugin Phantom malware might delete some files or download particular plugins. Malware is still under an investigation, and all its features are not known yet. However, if your tablet or smartphone got infected, you should not wait. It’s crucial initiate PluginPhantom removal to protect your privacy.

Plugin Phantom virus targets Android devices

How can Android devices get infected with this malware?

Malware researchers are still analyzing this malware and its distribution techniques. At the moment we cannot tell exact ways how and then PluginPhantom hijack might occur. However, the malware didn’t make to sneak into Google Play, so there’s no need to worry about installing it from there. However, some popular navigation apps in China might be related to this malware. Researchers claim that Baidu Maps and Map Maps use collected and translated location data.

How to remove PluginPhantom virus?

For malware detection and PluginPhantom removal we recommend installing and scanning your Android device with one of these programs: BullGuard Mobile Security or Webroot SecureAnywhere AntiVirus. However, malware can prevent you from installing security tools, so in this case, you have to reboot your device into Safe Mode before launching preferred antivirus program.

  1. Press power button until you see a menu. Then, tap the Power off.
  2. You will see a dialog window where you will be offered to reboot your device to Safe Mode. Tap this option and then OK.

However, if these steps didn’t help you, turn off and turn on your device. When it becomes active, press and hold these three buttons together: Menu, Volume Down, Volume Up (or only Volume Down and Volume Up buttons). After a couple of seconds, you will see a dialog window offering reboot the device to the Safe Mode.

Additionally, you can try to remove Plugin Phantom manually, but you should do it very carefully. In the worst scenario, you might delete useful files or applications. However, manual removal requires uninstalling this malicious application by following these steps:

  1. Reboot your device into Safe Mode using one of the previously explained instructions.
  2. When your device is rebooted into Safe Mode, go to Settings and click on Apps (or Application manager).
  3. Then look for malicious apps and uninstall them.

If you are unlucky and none of these instructions work for you, you should reset your device’s factory settings by following these simple steps:

  1. Tap on the Settings icon.
  2. Select Privacy (or Personal) and Factory reset (different devices and Android versions can rename this section as Factory data, Backup & reset or similarly). If you want to protect data stored on the device, you should select Back up my data option.
  3. Then, tap Reset device to remove PluginPhantom from your smartphone or tablet.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove PluginPhantom virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall PluginPhantom virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions


  • Samsung

    OMG this virus seems horrible. I am so afraid to catch it!