The Chameleon Trojan is making a comeback on Android smartphones. This time, it disables fingerprint recognition, forcing the victim to enter their unlock code, which the malware then captures.

The Chameleon Trojan is making a comeback on Android smartphones


Cybercriminals will stop at nothing to commit their misdeeds and are constantly developing increasingly sophisticated viruses, regardless of the targeted device. Smartphones, iPhone, PC, Mac… No one is safe! The goal is always the same: siphon off as much personal and banking data as possible. This time, the ThreatFabric team has spotted malware called Chameleon, which is currently circulating as a fake Google Chrome app, primarily targeting Android users in the UK and Italy. It is a Trojan that first appeared in January 2023, employing various distribution methods to infiltrate the Android ecosystem and take control of the device. It mainly targets mobile banking applications and is distributed through phishing pages, masquerading as a legitimate application. This time, it manages to deactivate the fingerprint unlocking option, forcing the victim to enter their lock code… which it takes care to steal. The worst part? No protection solution is capable of blocking it at the moment.


Chameleon: Android malware that steals your banking data

Chameleon is distributed through Zombinder, a Dark Web platform that distributes malware by disguising it as legitimate Android applications. Here, the malware pretends to be Chrome – fully functional and therefore appearing as legitimate as possible to the operating system and the various protections. But to function fully, Chameleon needs Android accessibility rights, which have been blocked by default since Android 13. So it pushes the user to activate these accessibility settings using an HTML tutorial. After that, the trap closes for good, and the victim’s device comes under the full control of the malware.

Once it has all the rights it needs, Chameleon deactivates fingerprint reading. To unlock their device, the victim is therefore forced to enter their pattern, PIN or password, which the malware is quick to siphon off using a keylogger that records the keystrokes made on the virtual keyboard. With this information, cybercriminals can unlock the smartphone whenever they want and record the user’s details to access their bank account. Note that this new capability is of particular concern to security researchers, because it could extend to other malware.
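A defender-side check for the accessibility abuse described above, as an added example that is not part of the original article or of ThreatFabric's report: it parses the output of three standard `adb shell` commands and flags enabled accessibility services that belong to non-system packages not installed from the Play Store. The sample outputs and the package `com.example.fakebrowser` are constructed, and the trusted-installer list is an assumption to adjust per device fleet.

```python
import re

# Assumption: only the Google Play Store counts as a trusted installer here.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(setting: str) -> list[str]:
    """Packages from `adb shell settings get secure enabled_accessibility_services`."""
    setting = setting.strip()
    if not setting or setting == "null":      # "null" means no service is enabled
        return []
    # Value is a colon-separated list of "package/ServiceClass" components.
    return [comp.split("/", 1)[0] for comp in setting.split(":") if comp]

def parse_installers(listing: str) -> dict[str, str]:
    """Map package -> installer from `adb shell pm list packages -i`."""
    found = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def parse_system(listing: str) -> set[str]:
    """Preinstalled packages from `adb shell pm list packages -s`."""
    prefix = "package:"
    return {l.strip()[len(prefix):] for l in listing.splitlines()
            if l.strip().startswith(prefix)}

def suspicious_services(setting: str, installers_out: str, system_out: str):
    """Return (package, installer) for sideloaded apps holding accessibility rights."""
    installers = parse_installers(installers_out)
    system = parse_system(system_out)
    findings = []
    for pkg in parse_accessibility(setting):
        source = installers.get(pkg, "unknown")
        if pkg not in system and source not in TRUSTED_INSTALLERS:
            findings.append((pkg, source))
    return findings

# Constructed sample outputs (not captured from a real device).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.fakebrowser/.HelperService")
SAMPLE_INSTALLERS = """package:com.android.chrome  installer=com.android.vending
package:com.google.android.marvin.talkback  installer=null
package:com.example.fakebrowser  installer=com.google.android.packageinstaller"""
SAMPLE_SYSTEM = "package:com.android.chrome\npackage:com.google.android.marvin.talkback"

if __name__ == "__main__":
    for pkg, source in suspicious_services(SAMPLE_SETTING, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"REVIEW: {pkg} has an accessibility service, installer={source}")
```

A finding is a prompt for manual review, not a verdict: legitimate sideloaded accessibility tools will also be listed.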


The other big problem with this malware is that its installation is undetectable in real time, including by antiviruses and the Google Protect solution. ThreatFabric researchers are concerned about the work being done by hackers, which “demonstrates once again how bad actors are responding to the latest security measures designed to thwart their efforts and [how they] continually seek to circumvent them.” So, at the risk of repeating ourselves, it is better to avoid installing an APK from a questionable platform. And even when going through the Play Store, it’s safer to only install apps you really need and delete those you no longer use. Finally, do not hesitate to regularly run a scan of your device with Google’s analysis tools or those of a third-party security solution.
