Gandalf_The_Grey
Thread author
The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices: it disables fingerprint and face unlock to steal device PINs.
It does this by using an HTML page trick to acquire access to the Accessibility service and a method to disrupt biometric operations to steal PINs and unlock the device at will.
Earlier versions of Chameleon spotted in April this year impersonated Australian government agencies, banks, and the CoinSpot cryptocurrency exchange, performing keylogging, overlay injection, cookie theft, and SMS theft on compromised devices.
Researchers at ThreatFabric, who have been following the malware, report that it is currently distributed via the Zombinder service, posing as Google Chrome.
Zombinder "glues" malware to legitimate Android apps so that victims can enjoy the full functionality of the app they intended to install, making them less likely to suspect that dangerous code is running in the background.
The platform claims its malicious bundles are undetectable at runtime, bypassing Google Protect alerts and evading any anti-virus products running on the infected device.
To keep the Chameleon threat at bay, avoid sourcing APKs (Android package files) from unofficial sources, as this is the primary distribution method for the Zombinder service.
Additionally, ensure that Play Protect is enabled at all times, and run regular scans to ensure your device is clean of malware and adware.
Android malware Chameleon disables Fingerprint Unlock to steal PINs
www.bleepingcomputer.com