A new version of the Chameleon Android banking trojan has been discovered by cybersecurity researchers. This malware can disable the fingerprint and face unlock features on your device and steal your PIN. It is distributed through a darknet service that disguises it as a legitimate app.
The Chameleon malware is a sophisticated banking trojan that targets Android users in various countries. It can perform a range of malicious activities, such as:
- Overlaying fake login screens on top of banking apps and other sensitive apps to steal your credentials
- Intercepting and sending SMS messages to bypass two-factor authentication
- Harvesting your contacts, call logs, browser history, and other personal data
- Executing unauthorized transactions from your bank accounts
- Locking your device and demanding a ransom
The malware is delivered through a service called Zombinder, which binds the malicious payload to legitimate apps. The latest version of the Chameleon malware pretends to be the Google Chrome web browser. Once installed, it asks the user to enable the accessibility service, which grants it full control over the device.
How does the Chameleon malware bypass biometric authentication?
One of the most alarming features of the new Chameleon malware is its ability to bypass biometric authentication, such as fingerprint and face unlock. It does this by using the accessibility service to change the lock screen settings of the device. It switches the authentication method from biometrics to PIN, and then steals the PIN by recording the user’s keystrokes.
This means that the malware can unlock the device at any time, without the user’s knowledge or consent. It can also prevent the user from changing the lock screen settings back to biometrics. This gives the malware full access to the device and its contents, even if the user has enabled biometric security.
How can you protect yourself from the Chameleon malware?
The Chameleon malware is a serious threat to Android users, especially those who use banking and other sensitive apps on their devices. To protect yourself from this malware, you should follow these tips:
- Avoid downloading apps from unknown or untrusted sources. Only download apps from the official Google Play Store or other reputable app stores.
- Check the permissions and reviews of the apps before installing them. Be wary of apps that ask for unnecessary or excessive permissions, such as accessibility, device admin, or overlay.
- Keep your device and apps up to date with the latest security patches. This can help prevent the malware from exploiting any vulnerabilities in your system.
- Use a reliable antivirus or security app on your device. This can help detect and remove any malware infections on your device.
- Be careful when entering your PIN or other credentials on your device. Make sure that the app or website you are using is genuine and secure. Look for signs of phishing or spoofing, such as misspellings, grammatical errors, or unusual requests.
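
Because this malware depends on the user enabling its accessibility service, one practical check is to list which apps currently hold that access and where they were installed from. The script below is an added example, not code from the researchers or from any vendor. It parses the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`, and flags enabled services whose app is neither preinstalled nor installed from Google Play. The package names, the sample output and the trusted-installer policy are constructed assumptions.

```python
import re

# Assumption: only Google Play counts as a trusted installer; adjust per policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(settings_out):
    """Split the colon-separated component list into (package, class) pairs."""
    text = settings_out.strip()
    if text in ("", "null"):
        return []
    pairs = [c.partition("/") for c in text.split(":")]
    return [(pkg, cls) for pkg, _, cls in pairs if pkg]

def parse_installers(pm_i_out):
    """Map package -> installer (None when pm reports installer=null)."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_i_out, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in found}

def parse_system_packages(pm_s_out):
    """Set of preinstalled packages from `pm list packages -s`."""
    return set(re.findall(r"^package:(\S+)", pm_s_out, re.M))

def audit(settings_out, pm_i_out, pm_s_out):
    """Flag enabled accessibility services from non-store, non-system apps."""
    installers = parse_installers(pm_i_out)
    system = parse_system_packages(pm_s_out)
    findings = []
    for pkg, cls in parse_enabled_services(settings_out):
        installer = installers.get(pkg)
        if pkg in system or installer in TRUSTED_INSTALLERS:
            continue
        findings.append({"package": pkg, "service": cls, "installer": installer})
    return findings

# Constructed sample output (not captured from a real device).
SETTINGS = ("com.example.screenreader/.ReaderService:"
            "com.example.chromeupdate/com.example.chromeupdate.A11yService:"
            "com.example.oemassist/.AssistService\n")
PM_I = """package:com.android.chrome  installer=com.android.vending
package:com.example.screenreader  installer=com.android.vending
package:com.example.chromeupdate  installer=null
package:com.example.oemassist  installer=null
"""
PM_S = "package:com.example.oemassist\n"

if __name__ == "__main__":
    for f in audit(SETTINGS, PM_I, PM_S):
        print("REVIEW:", f)
```

A flagged entry is a prompt for manual review, not proof of infection; an app installed from a trusted store can still abuse accessibility access, so the full list of enabled services is worth reading as well.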