How dangerous is PluginPhantom virus?
PluginPhantom virus is a Google Android Trojan that tries to steal personal data by using the DroidPlugin framework. It is the first attempt in malware history to use this legitimate tool. According to malware researchers, this trojan might be an updated version of Android.Trojan.Ihide, the Android Trojan that was detected in the middle of summer 2016. Both of them share the same certificate and package name; PluginPhantom, however, is the updated version. It uses a legitimate and popular Android app virtualization framework, which allows it to evade static detection. DroidPlugin allows creating applications whose plugins can be loaded or modified not only from the local device but remotely as well. Until now, this tool has been used for legitimate purposes only, for example, using multiple accounts in various social media apps. However, in the hands of evil-minded developers, the usage of this tool has become concerning and threatening.
The malware not only tries to steal personal data from the affected device but also might work as a keylogger. Therefore, Android users risk losing pictures, contact lists, SMS messages, location details, audio or video files, Wi-Fi information and even their banking or credit card information if they use their Android device for business or shopping activities. In order to protect private details, it's important to remove PluginPhantom as soon as it appears on the device.
Malware analysis has shown that PluginPhantom virus includes nine plugins. The Online plugin, Task plugin, and Update plugin are used for basic operations such as communicating with the Command and Control server, updating, relaunching and operating other plugins. The other six plugins are responsible for various malicious actions: Contact plugin, File plugin, Camera plugin, File plugin, Wi-Fi plugin and Radio plugin. The names of the plugins suggest their purposes and target areas. For example, the Contact plugin steals information related to contacts saved on the SIM and the device, call logs and SMS messages. The Camera plugin allows taking pictures or screenshots of the affected device. The Wi-Fi plugin steals information related to the system, device, installed applications, users' data, etc. The File plugin is used to scan the device and external media and steal various personal information. Besides, PluginPhantom malware might delete some files or download particular plugins. The malware is still under investigation, and not all of its features are known yet. However, if your tablet or smartphone got infected, you should not wait. It's crucial to initiate PluginPhantom removal to protect your privacy.
How can Android devices get infected with this malware?
Malware researchers are still analyzing this malware and its distribution techniques. At the moment we cannot tell exactly how and when a PluginPhantom hijack might occur. However, the malware did not manage to sneak into Google Play, so there's no need to worry about installing it from there. However, some popular navigation apps in China might be related to this malware. Researchers claim that Baidu Maps and Map Maps use collected and translated location data.
How to remove PluginPhantom virus?
For malware detection and PluginPhantom removal we recommend installing one of these programs and scanning your Android device with it: BullGuard Mobile Security or Webroot SecureAnywhere AntiVirus. However, malware can prevent you from installing security tools, so in this case, you have to reboot your device into Safe Mode before launching your preferred antivirus program.
- Press the Power button until you see a menu. Then, tap Power off.
- You will see a dialog window where you will be offered to reboot your device to Safe Mode. Tap this option and then OK.
However, if these steps didn't help you, turn your device off and on again. When it becomes active, press and hold these three buttons together: Menu, Volume Down, Volume Up (or only the Volume Down and Volume Up buttons). After a couple of seconds, you will see a dialog window offering to reboot the device into Safe Mode.
Additionally, you can try to remove PluginPhantom manually, but you should do it very carefully. In the worst-case scenario, you might delete useful files or applications. Manual removal requires uninstalling this malicious application by following these steps:
- Reboot your device into Safe Mode using one of the previously explained instructions.
- When your device is rebooted into Safe Mode, go to Settings and click on Apps (or Application manager).
- Then look for malicious apps and uninstall them.
If you are unlucky and none of these instructions work for you, you should reset your device’s factory settings by following these simple steps:
- Tap on the Settings icon.
- Select Privacy (or Personal) and Factory reset (different devices and Android versions may name this section Factory data, Backup & reset or similar). If you want to protect data stored on the device, you should select the Back up my data option.
- Then, tap Reset device to remove PluginPhantom from your smartphone or tablet.