The Chameleon Android banking trojan has resurfaced with a new version featuring advanced techniques to compromise devices by disabling fingerprint and face unlock capabilities to steal PINs. The malware uses an HTML page trick to gain access to the Accessibility service, disrupting biometric operations to acquire PINs and gain unauthorized access to the device. The latest variant, distributed via the Zombinder service posing as Google Chrome, showcases increased sophistication, posing a potent threat in the evolving landscape of mobile banking trojans.
The malware adapts to Android 13 and later, overcoming the Restricted setting, and introduces task scheduling through the AlarmManager API for enhanced adaptability. Researchers at ThreatFabric discovered the Chameleon variant employing novel strategies, including displaying HTML pages on Android 13 and later devices to trick users into enabling the Accessibility service, evading the system’s protection. Another noteworthy feature disrupts biometric operations, forcing a fallback to PIN or password authentication, enabling the malware to capture and misuse entered credentials for malicious activities. Additionally, Chameleon introduces task scheduling through the AlarmManager API, enhancing its adaptability and sophistication.
The Trojan’s distribution via the Zombinder service emphasizes the need for users to avoid unofficial sources for Android package files, and it underscores the importance of maintaining Play Protect and running regular scans to ensure device security. The resurgence of the Chameleon Android banking trojan highlights its ability to evolve and employ advanced tactics, posing a significant threat to device security. The new variant’s capabilities, such as disabling biometrics and leveraging HTML page tricks, showcase the malware’s adaptability and sophistication.
Users are cautioned to exercise caution when downloading Android package files, particularly from unofficial sources, and to prioritize security measures like Play Protect and regular device scans to mitigate the risks associated with evolving mobile banking trojans. The Chameleon Trojan’s ability to disrupt biometrics underscores the persistent challenge of staying ahead of malicious actors in the dynamic landscape of mobile cybersecurity.