December 21, 2023 at 09:33AM
The Chameleon Android banking trojan is back with new tricks, disabling biometrics to steal PINs on Android devices. This upgraded version evades detection by posing as Google Chrome through the Zombinder service. It now targets Android 13 and 14, bypassing security settings to gain accessibility permissions and disrupting biometric operations. It’s crucial to avoid unofficial APKs and keep Play Protect enabled for defense.
The Chameleon Android banking trojan has resurfaced with new tactics to take over devices, including disabling fingerprint and face unlock to steal device PINs. This is accomplished through an HTML page trick to gain access to the Accessibility service and disrupt biometric operations. The malware is currently distributed via the Zombinder service, masquerading as Google Chrome and propagating through APKs. The latest variant can bypass system protections on Android 13 and later to prompt users to grant Accessibility permission. It can also interrupt biometric operations to force PIN or password authentication and has added task scheduling capabilities. It’s crucial to avoid sourcing APKs from unofficial sources, enable Play Protect, and conduct regular malware scans to mitigate the Chameleon threat.