December 21, 2023 at 12:18PM
Cybersecurity researchers identified an updated version of Android banking malware “Chameleon,” which expanded its targeting to include users in the U.K. and Italy. The malware excels in executing Device Takeover using the accessibility service and is now being delivered via Zombinder. The latest findings also revealed its ability to disrupt biometric operations.
From the meeting notes, I have gathered that cybersecurity researchers have identified an updated version of an Android banking malware called Chameleon that is now targeting users in the U.K. and Italy. This evolved variant is proficient in performing Device Takeover (DTO) using the accessibility service, and it has been distributed through Zombinder, a dropper-as-a-service (DaaS). The malware masquerades as the Google Chrome web browser and has the capability to prompt users to enable the accessibility service if the infected device is running Android 13 or later. Furthermore, this variant disrupts the biometric operations of the targeted device and can transition the lock screen authentication mechanism to a PIN, allowing the malware to unlock the device using the accessibility service.
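A defender-side triage check for the accessibility-service abuse described above, added here as an example and not taken from the research being summarized: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, then lists enabled accessibility services whose package was not installed by a trusted store. The sample outputs, the package name `com.example.chromeupdate`, and the trusted-installer set are constructed assumptions, as is the premise that a dropper-delivered app is not installed through the Play Store.

```python
# Added example: review enabled accessibility services using adb output.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

# Constructed sample: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.chromeupdate/.core.A11yService")

# Constructed sample: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.android.chrome  installer=com.android.vending
package:com.example.chromeupdate  installer=null
"""

def parse_a11y_services(raw):
    """Return (package, class) pairs from the colon-separated component list."""
    raw = raw.strip()
    if not raw or raw == "null":      # the setting reads "null" when unset
        return []
    services = []
    for comp in raw.split(":"):
        pkg, _, cls = comp.strip().partition("/")
        if pkg:
            # A class written as ".Foo" is relative to the package name.
            services.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return services

def parse_installers(raw):
    """Map package name -> installer package (None when absent or 'null')."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        inst = next((f[len("installer="):] for f in fields[1:]
                     if f.startswith("installer=")), None)
        installers[fields[0]] = None if inst in (None, "null") else inst
    return installers

def suspicious_services(a11y_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Enabled accessibility services whose package lacks a trusted installer."""
    installers = parse_installers(packages_raw)
    return [(pkg, cls, installers.get(pkg))
            for pkg, cls in parse_a11y_services(a11y_raw)
            if installers.get(pkg) not in trusted]

if __name__ == "__main__":
    for pkg, cls, inst in suspicious_services(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"review: {pkg} ({cls}) installer={inst}")
```

Preinstalled system services can also report no installer, so treat each hit as an item to review rather than a verdict.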
Additionally, it was mentioned that Zimperium revealed 29 malware families – 10 of them new – targeted 1,800 banking applications across 61 countries over the past year. The U.S., the U.K., and Italy are among the top countries targeted, with traditional banking applications remaining the prime target, accounting for 61% of the targets.
Overall, these developments underscore the evolving and sophisticated threat landscape within the Android ecosystem, with an increasing focus on banking applications and the emergence of new malware families targeting financial services apps worldwide.