Chameleon Android Trojan Bypasses Biometrics
Android users have something to worry about this holiday season, as a new variant of the Chameleon banking trojan has been identified. Concerningly, it’s capable of bypassing any biometric security measures to steal PINs and passwords. According to ThreatFabric, which first reported the malware, it was initially targeting Australia and Poland, but has now expanded its malicious activities to the UK and Italy.
The latest variant of the Chameleon trojan is distributed via the Zombinder service and poses as Google Chrome apps to trick users into enabling Accessibility services. Once this is done, the malware can interrupt biometric operations like fingerprint and face unlock, forcing the device to revert to PIN or password authentication. With this, the attacker can easily capture the user’s input to steal their PIN or password, allowing them access to the device whenever they please for further malicious activity.
As reported by BleepingComputer, the latest iteration of Chameleon is particularly worrisome due to its ability to bypass the “Restricted Settings'' in Android 13, a feature meant to block the easy approval of dangerous permissions. If this feature is detected, the malware will instead display a HTML page that guides users through enabling the Accessibility service manually.
ThreatFabric elaborated on the danger of the Chameleon trojan, stating that these upgrades of the trojan “elevate the sophistication and adaptability” and make it a “more potent threat in the ever-evolving landscape of mobile banking trojans."
Alongside Chameleon, other dangerous and prolific threats, like the MMRat malware which we reported on earlier, are also attempting to access and steal data from devices. Moreover, the DogeRAT malware has emerged, specifically targeting Android users in India, further complicating the digital security landscape. To reduce the risk of infection from these malicious services, users are advised to download apps only from official sources and keep Play Protect enabled.
Please, comment on how to improve this article. Your feedback matters!