Sunday, December 31, 2023

Android Banking Trojan Chameleon can now bypass any Biometric Authentication

The Android Banking Trojan Chameleon has recently been updated with new features, including the ability to bypass any biometric authentication. This variant of the Chameleon malware has been active since early 2023 and initially targeted mobile banking applications in Australia and Poland, but has since expanded its reach to the UK and Italy. The updated Chameleon variant has two notable new features:

Bypassing Biometric Authentication: The malware uses an HTML page to guide the victim through a manual step-by-step process to enable the Accessibility service on their device. This allows the malware to perform Device Takeover (DTO) and bypass biometric authentication, such as fingerprint locks. Because biometric data remains inaccessible to them, this bypass gives underground actors two advantages: they can steal PINs, passwords, or graphical keys through keylogging functionality, and they can unlock devices using previously stolen PINs or passwords.

Task Scheduling: The updated Chameleon variant introduces task scheduling using the AlarmManager, allowing the malware to perform unauthorized actions on the user's behalf at specific times.

These new features make the Chameleon malware more sophisticated and adaptable, posing a significant threat to the mobile security landscape. It is essential to maintain robust cybersecurity measures to mitigate the risk of malware delivery and social engineering attacks.
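Because the takeover depends on the victim enabling an Accessibility service, one defensive check is to list which packages have such a service enabled and flag those that are neither preinstalled nor installed from a trusted store. The following is an added example, not code from the original post or its sources; it parses the text output of `settings get secure enabled_accessibility_services`, `pm list packages -i` and `pm list packages -s` as collected over `adb shell`, and the trusted-installer set, package names and sample outputs are assumptions constructed for illustration.

```python
import re

# Assumption: installers treated as trusted; extend for your fleet (e.g. an MDM agent).
TRUSTED_INSTALLERS = {"com.android.vending"}
_PKG_LINE = re.compile(r"^package:(\S+)(?:\s+installer=(\S+))?\s*$")


def enabled_accessibility_packages(setting_value):
    """Map package -> service classes from the colon-separated `package/class` list."""
    value = setting_value.strip()
    if not value or value == "null":  # nothing enabled
        return {}
    services = {}
    for component in value.split(":"):
        package, _, cls = component.partition("/")
        if package:
            services.setdefault(package, []).append(cls)
    return services


def parse_pm_list(output):
    """Parse `pm list packages -i` (or `-s`) output into {package: installer or None}."""
    result = {}
    for line in output.splitlines():
        match = _PKG_LINE.match(line.strip())
        if match:
            result[match.group(1)] = match.group(2)
    return result


def suspicious_services(setting_value, installers_output, system_output):
    """Return (package, installer, classes) for accessibility-enabled packages
    that are neither system packages nor installed by a trusted installer."""
    installers = parse_pm_list(installers_output)
    system = set(parse_pm_list(system_output))
    findings = []
    for package, classes in sorted(enabled_accessibility_packages(setting_value).items()):
        installer = installers.get(package)
        if package in system or installer in TRUSTED_INSTALLERS:
            continue
        findings.append((package, installer, classes))
    return findings


# Constructed sample data, not taken from a real device or from the Chameleon samples.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.update/com.example.update.Svc\n")
SAMPLE_INSTALLERS = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
                     "package:com.example.update  installer=null\n")
SAMPLE_SYSTEM = "package:com.android.settings\n"
```

A finding is a lead for review rather than a verdict: legitimate sideloaded accessibility tools will also appear and should be added to an allowlist after inspection.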

IoC

    SHA256

  • 0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6
  • 2211c48a4ace970e0a9b3da75ac246bd9abaaaf4f0806ec32401589856ea2434


TAGS

android, chameleon, zombinder, device takeover, trojan, html page, chameleon banking
