Malware News Android malware Chameleon disables Fingerprint Unlock to steal PINs


Apr 24, 2016
The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs.

It does this by using an HTML page trick to acquire access to the Accessibility service and a method to disrupt biometric operations to steal PINs and unlock the device at will.

Earlier versions of Chameleon spotted in April this year impersonated Australian government agencies, banks, and the CoinSpot cryptocurrency exchange, performing keylogging, overlay injection, cookie theft, and SMS theft on compromised devices.

Researchers at ThreatFabric, who have been following the malware, report that it is currently distributed via the Zombinder service, posing as Google Chrome.

Zombinder "glues" malware to legitimate Android apps so that victims can enjoy the full functionality of the app they intended to install, making it less likely to suspect that dangerous code is running in the background.

The platform claims its malicious bundles are undetectable in runtime, bypassing Google Protect alerts and evading any anti-virus products running on the infected device.

To keep the Chameleon threat at bay, avoid sourcing APKs (Android package files) from unofficial sources, as this is the primary distribution method for the Zombinder service.

Additionally, ensure that Play Protect is enabled at all times, and run regular scans to ensure your device is clean of malware and adware.
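
A defender-side check that ties together the two points in the post above (sideloaded APKs and Accessibility service abuse), given here as an added example that is not part of the original post or of ThreatFabric's research: it flags third-party apps that hold an enabled Accessibility service but were not installed by a trusted store. It assumes the text output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i -3`; the sample package names and the `TRUSTED_INSTALLERS` set are constructed for illustration.

```python
import re

# Installer packages treated as trusted stores (assumption; adjust per fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")

def parse_accessibility_services(setting):
    """Package names from the colon-separated 'pkg/ServiceClass' list."""
    setting = setting.strip()
    if not setting or setting == "null":      # 'null' means nothing is enabled
        return []
    pkgs = []
    for component in setting.split(":"):
        pkg = component.split("/", 1)[0].strip()
        if pkg and pkg not in pkgs:
            pkgs.append(pkg)
    return pkgs

def parse_installers(pm_output):
    """Map third-party package -> installer (None when reported as 'null')."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            inst = m.group("inst")
            installers[m.group("pkg")] = None if inst == "null" else inst
    return installers

def flag_sideloaded_accessibility(setting, pm_output):
    """Return (package, installer) for sideloaded apps holding Accessibility."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg in parse_accessibility_services(setting):
        if pkg not in installers:             # absent from the -3 list: system app
            continue
        if installers[pkg] not in TRUSTED_INSTALLERS:
            findings.append((pkg, installers[pkg]))
    return findings

# Constructed sample outputs (not captured from a real device).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.passwordmanager/.FillService:"
                  "com.example.fakebrowser/.core.A11yService")
SAMPLE_PM = """package:com.example.passwordmanager  installer=com.android.vending
package:com.example.fakebrowser  installer=null
package:com.example.game  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg, inst in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_PM):
        print(f"REVIEW: {pkg} has Accessibility enabled, installer={inst}")
```

A finding is a prompt for review, not a verdict: legitimately sideloaded tools will also appear in the list.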


Dec 19, 2023
And app developers should think about how best to protect biometric systems from such tricks. Security comes first!
