Chameleon Android Trojan Offers Biometric Bypass

A new variant of an Android banking Trojan has appeared that can bypass biometric security to break into devices, demonstrating an evolution in the malware that attackers now are wielding against a wider range of victims.
Spread through phishing pages, the malware's behavior then was characterized by an ability to impersonate trusted apps, disguising itself as institutions like the Australian Taxation Office and popular banking apps in Poland to steal data from user devices.
Now, researchers at Threat Fabric have spotted a new, more sophisticated version of Chameleon that also targets Android users in the UK and Italy, and spreads through a Dark Web Zombinder app-sharing service disguised as a Google Chrome app, they revealed in a blog post published Dec. 21.
The variant includes several new features that make it even more dangerous to Android users that its previous incarnation, including a new ability to interrupt the biometric operations of the targeted device, the researchers said.
By unlocking biometric access, attackers can access PINs, passwords, or graphical keys through keylogging functionalities, as well as unlock devices using previously stolen PINs or passwords.
The variant also has an expanded feature that leverages Android's Accessibility service for device takeover attacks, as well as a capability found in many other trojans to allow task scheduling using the AlarmManager API, the researchers found.
Chameleon: A Shape-Shifting Biometric Capability Overall, the three distinct new features of Chameleon demonstrate how threat actors respond to and continuously seek to bypass the latest security measures designed to combat their efforts, according to Threat Fabric.
The method uses Android's KeyguardManager API and AccessibilityEvent to assess the device screen and keyguard status, evaluating the state of the latter in terms of various locking mechanisms, such as pattern, PIN, or password.
Upon meeting the specified conditions, the malware uses this action to transition from biometric authentication to PIN authentication, bypassing the biometric prompt and allowing the Trojan to unlock the device at will, the researchers found.
This, in turn, provides attackers with two advantages: making it easy to steal personal data such as PINs, passwords, or graphical keys, and allowing them to enter biometrically protected devices using previously stolen PINs or passwords by leveraging Accessibility, according to Threat Fabric.
Another key new feature is an HTML prompt to enable the Accessibility service, on which Chameleon depends to launch an attack to take over the device.
It does this by supporting a new command that can determine whether accessibility is enabled or not, dynamically switching between different malicious activities depending on the state of this feature on the device.
Roid Devices at Risk From Malware With attacks against Android devices soaring, it's more crucial than ever for mobile users to be wary of downloading any applications on their device that seem suspicious or aren't distributed through legitimate app stores, security experts advise.
Threat Fabric managed to track and analyze samples of Chameleon related to the updated Zombinder, which uses a sophisticated two-staged payload process to drop the Trojan.
Threat Fabric published indicators of compromise in its analysis, in the form of hashes, app names, and package names associated with Chameleon so users and administrators can monitor for potential infection by the Trojan.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 21 Dec 2023 16:20:28 +0000


Cyber News related to Chameleon Android Trojan Offers Biometric Bypass

Biometric Authentication in Business: Enhancing Security - With its high level of security, convenience, user-friendliness, and accuracy, biometric authentication is paving the way for the future of secure authentication in the business world. One of the primary advantages of implementing biometric ...
9 months ago Securityzap.com
Biometric Security in Educational Environments - Biometric technology has gained significant attention in recent years as a potential solution to enhance security in educational environments. The adoption of biometric security in educational settings raises important privacy and ethical concerns. ...
10 months ago Securityzap.com
Chameleon Android Trojan Offers Biometric Bypass - A new variant of an Android banking Trojan has appeared that can bypass biometric security to break into devices, demonstrating an evolution in the malware that attackers now are wielding against a wider range of victims. Spread through phishing ...
10 months ago Darkreading.com
Biometric Authentication: Advancements and Challenges - Advancements in technology are driving the world of biometric authentication into a realm where one's very being serves as the key to accessing secure systems. The Evolution of Biometric Technology has significantly transformed the landscape of ...
8 months ago Securityzap.com
New Chameleon Android Trojan Can Bypass Biometric Security - A brand new variant of the Chameleon Android malware has been discovered in the wild, featuring new characteristics, the most notable of which is the ability to bypass fingerprint locks. The Chameleon Android banking malware first appeared in early ...
10 months ago Cysecurity.news
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Chameleon Android Malware Can Bypass Biometric Security - A new variant of the Chameleon Android banking trojan features new bypass capabilities and has expanded its targeting area, online fraud detection firm ThreatFabric reports. Active since early 2023, the malware initially targeted mobile banking ...
10 months ago Securityweek.com
Interpol Arrests Smuggler With New Biometric Screening Database - In November, Interpol arrested a fugitive smuggler using a new biometric security system it plans to deploy across its 196 member countries. The colorlessly named "Biometric Hub" collates Interpol's existing fingerprint and facial-recognition data ...
11 months ago Darkreading.com
The future of biometrics in a zero trust world - Biometric data obtained from selfies, forged passports and cyberattacks on data stores holding everything from fingerprints to DNA have long been best-sellers on the dark web. Untraceable yet very powerful in allowing attackers to access the most ...
9 months ago Venturebeat.com
UK to replace physical biometric immigration cards with e-visas - By 2025, Britain is set to ditch physical immigration status documents such as Biometric Residence Permits and Biometric Residence Cards in a bid to make its borders digital, which is in-line with developed countries like Australia. Presently, ...
9 months ago Bleepingcomputer.com
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
5 months ago Securelist.com
Beware, iPhone Users: iOS GoldDigger Trojan can Steal Face ID and Banking Details - Numerous people pick iPhones over Android phones because they believe iPhones are more secure. This may no longer be the case due to the emergence of a new banking trojan designed explicitly to target iPhone users. According to a detailed report by ...
9 months ago Cysecurity.news
First Ever iOS Trojan Steals Facial Recognition Data - A novel, very sophisticated mobile Trojan dubbed GoldPickaxe. iOS that targets iOS users exclusively was discovered to collect facial recognition data, intercept SMS, and gather identity documents. The Asia-Pacific region includes the majority of ...
9 months ago Gbhackers.com
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
1 month ago Techtarget.com
As Namibians Rush to Register SIMs, Major Telco Hoards Biometric Data - This December, citizens of Namibia are faced with a catch-22. In 10 days, more than half of the population of Namibia may lose phone service. As a price for keeping it, the other half has handed over sensitive biometric data to the country's premier ...
11 months ago Darkreading.com
Face off: Attackers are stealing biometrics to access victims' bank accounts - Biometrics have been touted as the ultimate credential - because after all, faces, fingerprints and irises are unique to every human being. Attackers are increasingly cunning, and it's becoming clear that biometric screens are just as easy to bypass ...
8 months ago Venturebeat.com
Pirated Software Puts Mac Users at Risk as Proxy Malware Emerges - Malware is being targeted at Mac users who receive pirated versions of popular apps from warez websites after they choose to download them from those websites. Various reports state that cybercriminals are infecting macOS devices with proxy trojans ...
11 months ago Cysecurity.news
iOS Malware Steals Faces to Defeat Biometrics With AI Swaps - Chinese hackers have developed a sophisticated banking Trojan for tricking people into giving up their personal IDs, phone numbers, and face scans, which they're then using to log into those victims' bank accounts. Its variants work across iOS and ...
9 months ago Darkreading.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
1 year ago Therecord.media
Best Network Security Providers for Healthcare - The exponential growth of Electronic Health records, telemedicine, and interconnected medical devices creates a complex healthcare ecosystem demanding robust network security. Network security providers specializing in healthcare offer a ...
6 months ago Cybersecuritynews.com
eSecurity Planet - Dashlane is a password management software that's popular for business and personal uses alike. Like many other password managers, Dashlane makes it easy for users to create new passwords and store existing ones in a secure vault. Internet security ...
9 months ago Esecurityplanet.com
Latest Information Security and Hacking Incidents - In recent times, the digital realm has become a battleground where cybercriminals constantly devise new tactics to breach security measures and exploit unsuspecting users. The emergence of the GoldPickaxe Trojan serves as a stark reminder of the ...
9 months ago Cysecurity.news
GrapheneOS: Frequent Android auto-reboots block firmware exploits - The GrapheneOS team behind the privacy and security-focused Android-based operating system with the same name is suggesting that Android should introduce an auto-reboot feature to make exploitation of firmware flaws more difficult. The project ...
10 months ago Bleepingcomputer.com
Are We Experiencing the End of Biometrics? - Biometric security is often viewed as superior to passwords when it comes to protecting sensitive systems or data. The interface between physical and software security, verified by unique personal identifiers like iris scans, fingerprint scans, or ...
8 months ago Cybersecurity-insiders.com
UK e-visa rollout begins today: no more immigration cards for millions - The Home Office has started rolling out e-visas for existing holders of physical immigration documents like Biometric Residence Permits and Biometric Residence Cards. Millions of such residents will start receiving email invites from today, in ...
7 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)