Chameleon Android Malware Can Bypass Biometric Security

A new variant of the Chameleon Android banking trojan features new bypass capabilities and has expanded its targeting area, online fraud detection firm ThreatFabric reports.
Active since early 2023, the malware initially targeted mobile banking applications in Australia and Poland, but has since expanded its reach to the UK and Italy.
When initially uncovered, ThreatFabric explains, Chameleon used multiple loggers, had limited malicious functionality, and contained various unused commands, suggesting that it was still under development.
Employing a proxy feature and abusing Accessibility Services, it could perform actions on behalf of the victim, allowing attackers to engage in Account Takeover and Device Takeover attacks, mainly targeting banking and cryptocurrency applications.
The malware was being distributed through phishing pages, posing as legitimate applications, and using a legitimate content distribution network for file distribution.
ThreatFabric recently identified an updated Chameleon variant, which shows the same characteristics and modus operandi as its predecessor while also packing advanced features.
The new samples are being distributed through the Zombinder, a dropper-as-a-service used in attacks targeting Android users.
The observed Zombinder samples, ThreatFabric says, use a sophisticated two-staged payload process, deploying the Hook malware family along with Chameleon.
One of the most important capabilities in the new Chameleon version is a device-specific check activated when receiving a command from the command-and-control server, which targets the 'Restricted Settings' protections introduced in Android 13.
Upon receiving the command, the Trojan displays an HTML page that asks the victim to enable the Accessibility service.
The page guides the victim through a manual step-by-step process of enabling the service, which then allows the malware to perform DTO. Additionally, the new Chameleon variant packs a new feature to interrupt biometric operations on the victim's device, also enabled via a specific command.
The updated Chameleon variant also introduces task scheduling using the AlarmManager API, a capability observed in other banking trojans but implemented differently.
If the Accessibility option is not implemented, the malware can switch to collecting information on user apps to identify the foreground application and display overlays using the 'Injection' activity.


This Cyber News was published on www.securityweek.com. Publication date: Fri, 22 Dec 2023 18:13:05 +0000


Cyber News related to Chameleon Android Malware Can Bypass Biometric Security

Biometric Authentication in Business: Enhancing Security - With its high level of security, convenience, user-friendliness, and accuracy, biometric authentication is paving the way for the future of secure authentication in the business world. One of the primary advantages of implementing biometric ...
9 months ago Securityzap.com
Biometric Security in Educational Environments - Biometric technology has gained significant attention in recent years as a potential solution to enhance security in educational environments. The adoption of biometric security in educational settings raises important privacy and ethical concerns. ...
10 months ago Securityzap.com
Biometric Authentication: Advancements and Challenges - Advancements in technology are driving the world of biometric authentication into a realm where one's very being serves as the key to accessing secure systems. The Evolution of Biometric Technology has significantly transformed the landscape of ...
7 months ago Securityzap.com
Chameleon Android Trojan Offers Biometric Bypass - A new variant of an Android banking Trojan has appeared that can bypass biometric security to break into devices, demonstrating an evolution in the malware that attackers now are wielding against a wider range of victims. Spread through phishing ...
10 months ago Darkreading.com
New Chameleon Android Trojan Can Bypass Biometric Security - A brand new variant of the Chameleon Android malware has been discovered in the wild, featuring new characteristics, the most notable of which is the ability to bypass fingerprint locks. The Chameleon Android banking malware first appeared in early ...
10 months ago Cysecurity.news
Chameleon Android Malware Can Bypass Biometric Security - A new variant of the Chameleon Android banking trojan features new bypass capabilities and has expanded its targeting area, online fraud detection firm ThreatFabric reports. Active since early 2023, the malware initially targeted mobile banking ...
10 months ago Securityweek.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
4 months ago Pandasecurity.com
Interpol Arrests Smuggler With New Biometric Screening Database - In November, Interpol arrested a fugitive smuggler using a new biometric security system it plans to deploy across its 196 member countries. The colorlessly named "Biometric Hub" collates Interpol's existing fingerprint and facial-recognition data ...
11 months ago Darkreading.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
6 months ago Pandasecurity.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
9 months ago Securityintelligence.com
February 2024's Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign - Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to ...
7 months ago Blog.checkpoint.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
5 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)