Android Chameleon: This Malware and Trojan steals your PIN
The malicious Android software, Chameleon, has been discovered to disable fingerprint unlocking to steal user PIN.
The new version of this Android banking trojan utilizes highly advanced techniques to compromise Android devices.
Using an advanced HTML page, it can disable fingerprint and face unlock functionalities to steal device PINs. Zombinder is employed to integrate malicious software into legitimate Android applications, aiming to evade detection and deceive victims. The new capability exploits the features of Android 13 and later versions, pretending to access the Accessibility service. Additionally, it attempts to bypass the security feature “Scoped Storage” in Android 13 and 14. Researchers warn of the dangers and recommend disabling Accessibility permission for suspicious applications.
A notable new feature is its ability to disable biometric functions, such as fingerprint recognition and Face ID, through the Accessibility service. The software captures PINs and access codes for unauthorized use protection. Furthermore, it offers task scheduling for activity management and execution of attacks, depending on the activation or deactivation of Accessibility. Experts caution about the high level of complexity of Chameleon, making it a formidable adversary in the realm of mobile banking malware.
To protect yourself, it is advised to avoid downloading from unofficial APK sources, enable Play Protect, and perform regular checks for malware detection.