Malware ``Chameleon'' that steals PIN codes and passwords disguised as Android version of Chrome is discovered
Security company
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
Chameleon infiltrates Android smartphones through the Zombinder malware distribution system. Chameleon often infiltrates systems disguised as the Android version of Chrome.
In Android 13 and later versions released in August 2022, when a function that may put your personal information at risk is executed, a pop-up labeled ``Restricted Settings'' will be displayed to block the execution. I did. In order to cancel 'restricted settings' and use the target function, the user needs to manually configure the settings, but Chameleon has a function that displays 'a page that guides you on how to remove 'restricted settings'' is installed, and there is a possibility that users may cancel the 'restricted settings' by themselves.
After gaining permission to operate freely on the system, Chameleon ``skips fingerprint authentication and facial authentication, records the input contents of PIN code authentication and passcode authentication that are executed instead, and steals passcodes.'' Execute the action. According to ThreatFabric, more sophisticated versions of Chameleon have been distributed since it was first discovered in January 2023. ThreatFabric concludes, 'Threat analysis is critical to developing defenses against evolving threats.'
Related Posts:
