December 21, 2023 at 11:28AM
A new variant of the Android banking Trojan, Chameleon, has evolved to target users in Australia, Poland, UK, and Italy by bypassing biometric security and utilizing new commands. This includes the ability to interrupt biometric operations, employ Android’s Accessibility service for device takeover attacks, and task scheduling through the AlarmManager API. Threat Fabric warns of the growing sophistication and adaptability of this mobile banking threat.
It seems the meeting notes are discussing a new variant of an Android banking Trojan called Chameleon. This new variant has the ability to bypass biometric security on devices, allowing attackers to access PINs, passwords, and graphical keys through keylogging functionalities, as well as unlock devices using previously stolen PINs or passwords. The malware is also capable of leveraging Android’s Accessibility service for device takeover attacks and utilizing the AlarmManager API for task scheduling. The researchers at Threat Fabric have noted that these enhancements make the new Chameleon variant a more potent threat in the ever-evolving landscape of mobile banking trojans.
To mitigate the risk of infection, security experts advise mobile users to be cautious when downloading applications onto their Android devices, particularly those that seem suspicious or are not distributed through legitimate app stores. Threat Fabric has also published indicators of compromise (IoCs) related to the updated Zombinder, which uses a sophisticated two-staged payload process to drop the Trojan, so that users and administrators can monitor for potential infection by Chameleon.
If you have any further questions or need additional information, please feel free to ask.