Have you ever wondered how hackers can bypass your biometric security, such as fingerprint or face unlock, to access your phone and steal your data? Well, there is a new Android malware that can do just that. It is called Chameleon, and it is a banking trojan that disguises itself as a legitimate app.
Cybersecurity researchers have issued a warning about a shapeshifting Android malware named Chameleon Trojan that bypasses security measures to steal users’ PINs and passwords.
In Short
- The malware can trick users into enabling accessibility services to steal information.
- It can bypass biometric settings.
- Users are advised to avoid downloading APKs.
Chameleon was first discovered in April 2023, and it targeted users in Australia and Poland. It was distributed via the Zombinder service, a darknet platform that binds malware to popular apps. The malware would ask users to permit it to use the Accessibility service, which normally prevents dangerous apps from accessing sensitive features. Once granted, the malware would use the Accessibility service to disable biometric operations on the device, such as fingerprint or face unlock. Then, it would ask users to enter their PIN or password to unlock their device.
How does this malware work?
The malware would then monitor the user’s inputs and recognize which code is in use. It would then schedule tasks and steal sensitive data from the device, such as login credentials, bank details, messages, contacts, photos, and more. The malware was also undetectable by Google Play Protect and anti-virus products running on the infected device.
The latest version of Chameleon has emerged with new capabilities and expanded its targeting area. It now poses as the Google Chrome app for Android 13 and later versions. It uses an HTML page trick to bypass the Restricted setting on these versions of Android. This setting blocks the approval of dangerous permissions like Accessibility for apps that are not verified by Google Play Protect.
The new version of Chameleon also uses a method to interrupt biometric operations on the device like fingerprint and face unlock. This uses the Accessibility service to disrupt PIN or password authentication. The malware can also display an HTML page on devices running Android 13 or later that guides users through a manual process to enable Accessibility for the app. This bypasses the system’s protection.
What are the risks?
The risks associated with Chameleon malware are severe and multifaceted.
- Financial theft: It can steal your bank details, jeopardizing your sensitive banking information and leading to severe financial consequences.
- Unauthorized access: With the help of stolen passwords and PINs, Chameleon can gain unrestricted access to your devices. Essentially, this allows malicious actors to control your digital devices, thereby enabling unauthorized transactions and data theft.
- Privacy breach: Personal messages, app usage, and online activities can all be exposed. Chameleon can monitor and steal this information, leaving you vulnerable to identity theft and other cybercrime.
How to protect yourself?
Chameleon is a serious threat to Android users who rely on biometric security for their devices. It can easily take over their devices without them noticing and steal their valuable data. To protect yourself from this malware, you should avoid installing apps from unknown sources or third-party platforms like Zombinder. You should also keep your device updated with the latest security patches and use Google Play Protect regularly. You should also enable biometric security on your device if possible and avoid entering your PIN or password when prompted by suspicious apps.
If you suspect that your device is infected by Chameleon or any other malware, you should scan it with a reputable anti-virus app immediately and remove any suspicious apps from your device. You should also change your passwords for any online accounts that may have been compromised by the malware.
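To check a device for the pattern described above (an app installed from outside Google Play that holds an enabled Accessibility service), the following added example, which is not part of the original article, parses the output of two standard `adb` commands. The sample data and package names are constructed, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
import re
import subprocess
import sys

# Assumption: only Google Play counts as a trusted installer; extend as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample data (not from a real device).
# Shape of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SETTING = (
    "com.example.passwordmanager/com.example.passwordmanager.FillService:"
    "com.example.fakebrowser/com.example.fakebrowser.HelperService"
)
# Shape of: adb shell pm list packages -i -3   (-3 = user-installed apps only)
SAMPLE_LISTING = """\
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.fakebrowser  installer=null
package:com.example.game  installer=com.android.vending
"""

def parse_accessibility(setting):
    """Split the colon-separated 'package/class' list into (package, component)."""
    setting = setting.strip()
    if not setting or setting == "null":  # 'null' means nothing is enabled
        return []
    return [(c.split("/", 1)[0], c) for c in setting.split(":") if c]

def parse_installers(listing):
    """Map package name -> installer from 'package:NAME  installer=NAME' lines."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", listing, re.M))

def flag_sideloaded_accessibility(setting, listing):
    """Return (component, installer) for enabled accessibility services owned by
    user-installed apps that did not come from a trusted installer."""
    installers = parse_installers(listing)
    return [(component, installers[package])
            for package, component in parse_accessibility(setting)
            if package in installers
            and installers[package] not in TRUSTED_INSTALLERS]

def adb_shell(*args):
    """Run a command on the attached device (requires adb and USB debugging)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    if "--live" in sys.argv:
        setting = adb_shell("settings", "get", "secure", "enabled_accessibility_services")
        listing = adb_shell("pm", "list", "packages", "-i", "-3")
    else:
        setting, listing = SAMPLE_SETTING, SAMPLE_LISTING
    for component, installer in flag_sideloaded_accessibility(setting, listing):
        print(f"REVIEW: {component} (installer={installer})")
```

A flagged entry is a prompt for manual review, not proof of infection, since legitimately sideloaded apps also appear.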
Chameleon is one of many examples of how cybercriminals are constantly evolving their techniques to exploit vulnerabilities in Android devices and apps. As an Android user, you should always be vigilant and cautious about what you download and install on your device.