{
	"id": "aa8ae91c-510f-4703-bf04-4248beb30356",
	"created_at": "2026-04-06T03:37:03.975121Z",
	"updated_at": "2026-04-10T03:21:53.958927Z",
	"deleted_at": null,
	"sha1_hash": "7f87c41725d5c1094832f6efa45b77d4a074ba3c",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31528,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy KonstantinJM\r\nArchived: 2026-04-06 02:53:46 UTC\r\nFileHash-SHA256: 9 | IPv4: 1 | Hostname: 1\r\nPluginPhantom is a new class of Google Android Trojan: it is the first to use updating and to evade static\r\ndetection. It does this by leveraging the Android plugin technology. It abuses the legitimate and popular open\r\nsource framework “DroidPlugin”, which allows an app to dynamically launch any apps as plugins without\r\ninstalling them in the system. PluginPhantom implements each element of malicious functionality as a plugin, and\r\nutilizes a host app to control the plugins. With the new architecture, PluginPhantom achieves more flexibility to\r\nupdate its modules without reinstalling apps. PluginPhantom also gains the ability to evade the static detection by\r\nhiding malicious behaviors in plugins. Since the plugin development pattern is generic and the plugin SDK can be\r\neasily embedded, the plugin architecture could be a trend among Android malware in the future.\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:pluginphantom\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:pluginphantom\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:pluginphantom"
	],
	"report_names": [
		"pulses?q=tag:pluginphantom"
	],
	"threat_actors": [],
	"ts_created_at": 1775446623,
	"ts_updated_at": 1775791313,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7f87c41725d5c1094832f6efa45b77d4a074ba3c.pdf",
		"text": "https://archive.orkl.eu/7f87c41725d5c1094832f6efa45b77d4a074ba3c.txt",
		"img": "https://archive.orkl.eu/7f87c41725d5c1094832f6efa45b77d4a074ba3c.jpg"
	}
}