Android users need to be wary of new malware that can steal their bank account credentials and bypass biometric authentication methods. The malware, dubbed Chameleon Trojan, has been targeting hundreds of banking and cryptocurrency apps in 16 countries, according to cybersecurity experts.
Chameleon Trojan is a malicious app that masquerades as a legitimate app, such as Google Chrome, and installs itself on the victim’s device. Once installed, the malware runs in the background and waits for the user to interact with a targeted app, such as a banking or crypto app. Then, it displays a fake overlay on the screen, asking the user to enter their username and password. The user may think that this is a normal login process, but in reality, the malware is collecting their credentials and sending them to a remote server.
Chameleon Trojan can also disable biometric authentication methods, such as fingerprint and face unlock, and force the user to enter their PIN. This way, the malware can access the user’s bank account and drain their funds. The malware can also record the user’s screen, send fake text messages, and perform other malicious actions.
How widespread is Chameleon Trojan and who is behind it?
Chameleon Trojan has been active since June 2021 and has targeted over 400 banking and cryptocurrency apps in 16 countries, according to ThreatFabric, a cybersecurity company that has been monitoring the malware. Half of the targeted apps were banking apps, while others included cryptocurrency wallets and exchanges. The most affected countries were the United States, Turkey, and Spain, followed by Canada, France, Germany, and the U.K.
ThreatFabric believes that the developers of Chameleon Trojan speak Russian, as the malware avoids infecting devices that list a language spoken in a post-Soviet country as a preference. These countries include Russia, Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Uzbekistan, and Tajikistan.
How can Android users protect themselves from Chameleon Trojan?
The best way to protect oneself from Chameleon Trojan is to avoid installing apps from untrustworthy sources, such as third-party app stores or unknown links. Users should only download apps from the official Google Play Store, and check the reviews and ratings of the apps before installing them. Users should also keep their security software up to date and restrict unnecessary accessibility permissions for the apps they use. Running frequent malware scans is also advised, so that an infection can be detected and Chameleon removed before it does real damage.
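One way to act on the advice about app sources and accessibility permissions, as an added example that is not part of the original article: the script below takes the output of two adb commands and lists every enabled accessibility service whose app was not installed through Google Play. The sample output and the com.example.* package name are constructed, and because preinstalled system apps can report no installer, known ones are passed in the hypothetical `allow` parameter.

```python
PLAY_STORE = "com.android.vending"
# Constructed sample output, not captured from a real device.
# adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.browserupdate/.HelperService")
# adb shell pm list packages -i
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.browserupdate  installer=null
"""


def parse_services(raw):
    """Split the colon-separated component list into (package, class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting is empty or unset
        return []
    pairs = []
    for component in raw.split(":"):
        package, _, cls = component.partition("/")
        if cls.startswith("."):  # short form: class name is relative to the package
            cls = package + cls
        pairs.append((package, cls))
    return pairs


def parse_installers(raw):
    """Map package name -> installer package, or None when no installer is recorded."""
    installers = {}
    for line in raw.splitlines():
        if line.startswith("package:"):
            name, _, rest = line[len("package:"):].partition("installer=")
            installer = rest.strip()
            installers[name.strip()] = None if installer in ("", "null") else installer
    return installers


def audit(services_raw, installers_raw, allow=()):
    """Return (package, class, installer) for services not installed via Google Play."""
    installers = parse_installers(installers_raw)
    return [(pkg, cls, installers.get(pkg))
            for pkg, cls in parse_services(services_raw)
            if pkg not in allow and installers.get(pkg) != PLAY_STORE]


if __name__ == "__main__":
    for pkg, cls, installer in audit(SAMPLE_SERVICES, SAMPLE_INSTALLERS):
        print(f"review: {pkg} -> {cls} (installer={installer})")
```

A flagged entry is a prompt to review the app and revoke the accessibility permission if it is not needed; it is not proof of infection.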
What are the implications of Chameleon Trojan for the Android ecosystem?
Chameleon Trojan is not the first malware to target Android users’ bank accounts, nor will it be the last. Android is the most popular mobile operating system in the world, with over 3 billion active devices. This makes it an attractive target for cybercriminals who want to exploit its vulnerabilities and users’ negligence. Chameleon Trojan shows that malware can evade Google’s security measures and bypass biometric authentication methods, which are supposed to enhance the security of Android devices. This raises serious questions about the safety and privacy of Android users, and the responsibility of Google and app developers to protect them.