The Chameleon banking trojan, an Android virus that steals credentials from mobile banking applications and spreads through phishing pages and APK files, resurfaced and attacked in the final days of the year.
Emerging in January 2023, this powerful threat has resurfaced with a new version that uses a deceptive technique to take control of devices: disabling face and fingerprint unlock to steal devices’ PIN.
Read also: The 7 most common cybersecurity mistakes we all make: so you can avoid them
This Chameleon variant activates on Android 13 and above and requires permission to use the accessibility service. Since operating systems are protected by a security feature called Restricted Settings, which blocks the approval of dangerous permissions, the Trojan loads an HTML page that guides the user through a manual process to enable and bypass system protection and grant permissions additional.
Android warning: a virus cancels your phone’s fingerprint unlock and steals your homebanking keys. (Photo: AdobeStock)
This allows the virus to disrupt biometric operations on the device, such as face and fingerprint unlocking. Therefore, through the accessibility service, it forces authentication via PIN or password.
The malware captures these credentials, stores them, and sends them to cyber criminals so they can later use them to unlock the device at will and perform malicious activities hidden from the user’s view.
What are the consequences of a chameleon attack?
When the Trojan disables the option to log in to your device with your fingerprint, it records your credentials and every gesture or combination you use on the screen. You will then be able to access your profiles and, from the banking apps, access your accounts. Once inside, they will be able to make transfers to empty your savings.
Read also: Phishing, identity theft and WhatsApp hijacking are the 3 most common cases of digital fraud in the region
As if that wasn’t enough, Chameleon has an activity scheduling system to manage the victim’s activity periods and define the type of attack. Depending on whether Accessibility is activated or deactivated, the malware adapts to launching overlay attacks (a technique that consists of superimposing a module on the application used, such as a pop-up screen that camouflages itself among the official contents) or to collect data on using the app to decide the best time to inject.
How to protect yourself from the Chameleon Trojan
To protect yourself from this dangerous malware, avoid downloading any kind of APK (Android package file) from unofficial sources and sites as this is one of the main distribution and propagation methods of Chameleon.
Also, make sure you have the latest version of Android installed and run regular scans to ensure your device is free of malware and adware.
2023-12-29 21:58:17
#Warning #Android #virus #cancels #phones #fingerprint #unlock #steals #home #banking #keys