Android Banking Trojan Chameleon Is Back With Enhanced Capabilities That Can Disable Biometrics To Steal Your Passwords

The Chameleon banking trojan, which first surfaced in Jan. 2023, has returned with sophisticated updates capable of bypassing biometric authentication on Android devices.

What Happened: The Chameleon banking trojan is now capable of disabling biometric authentication set up by Android users, allowing it to steal passwords and PINs using key-logging, according to cybersecurity research firm ThreatFabric.

The trojan is targeting Android users in the U.K. and Italy, broadening its original focus from Australia and Poland.

The report discloses that the updated Chameleon variant possesses the ability to circumvent biometric prompts and present an HTML page to activate accessibility service in devices deploying Android 13’s "Restricted Settings" feature.

See Also: Microsoft Just Paid $76M For A Pumpkin Farm In Wisconsin — Here’s Why

The trojan guises as a Alphabet Inc.'s GOOG GOOGL Google Chrome apps and uses Device Takeover (DTO) capabilities via the Accessibility Service and introduces advanced functions.

Moreover, the new variant of the trojan can disrupt biometric operations on the targeted device, compelling a switch from biometric to PIN authentication. This enables the trojan to steal PINs, passwords, or graphical keys, subsequently unlocking the device at its discretion.

The report underscores the importance of comprehending the nuances of the new Chameleon variant in devising effective defensive measures.

The firm remains committed to shedding light on such threats to aid users and security professionals in protecting their digital territories.

Why It Matters: This resurgence of the Chameleon banking trojan is part of a larger trend of increasingly sophisticated Android malware attacks.

In June, an updated version of the Android malware GravityRAT resurfaced, stealing WhatsApp backup files from phones.

Then in August of the same year, a study revealed thousands of Android app files infected with advanced malware capable of evading most threat detection tools.

Image credits – Shutterstock

Check out more of Benzinga's Consumer Tech coverage by following this link.

Read Next: A New Tech Could Fix The Two Major Issues With OLED Screens Of Smartphones And TVs

Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In:
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!