"🔒 Chameleon Malware's New Disguise: Hijacking Biometrics on Android 📱👁️"
The Chameleon Android banking trojan has evolved with alarming new capabilities. It now disables fingerprint and face unlock on infected devices so that it can steal PINs. It does this with an HTML page trick that gets it Accessibility service access, which it then uses to disrupt biometric operations. 🚨🔓
Earlier versions mimicked Australian government entities and financial institutions, and relied on keylogging and overlay attacks. The current version is distributed through the Zombinder service and poses as Google Chrome. Zombinder binds malware to legitimate apps, which lets it evade detection by Google Play Protect and antivirus tools.
Android 13 and 14 users face increased risk. Chameleon gets around the "Restricted setting" protection by guiding users through a manual process to enable Accessibility. Once it has that access, it interrupts biometric authentication and forces a fallback to PIN or password, which the malware captures for later malicious use.
Chameleon has also integrated task scheduling via the AlarmManager API, optimizing its attack timing based on app usage data. ThreatFabric warns of this enhanced sophistication, urging caution against unofficial APK downloads and recommending regular Play Protect scans.
Stay informed, stay secure. 🛡️
Source: BleepingComputer, by Bill Toulas.
Tags: #CyberSecurity #AndroidMalware #BiometricSecurity #BankingTrojan #ChameleonMalware #Zombinder #GoogleProtect #ThreatFabric #AccessibilityService #MalwareEvolution