The Android banking trojan Chameleon has recently been updated with new features, including the ability to bypass any biometric authentication. This variant of the Chameleon malware has been active since early 2023 and initially targeted mobile banking applications in Australia and Poland, but has since expanded its reach to the UK and Italy. The updated Chameleon variant has two notable new features:
- Bypassing Biometric Authentication: The malware uses an HTML page to guide the victim through a manual step-by-step process to enable the Accessibility service on their device. This allows the malware to perform Device Takeover (DTO) and bypass biometric authentication, such as fingerprint locks. Because biometric data remains inaccessible to them, this bypass method gives underground actors two advantages: the ability to steal PINs, passwords, or graphical keys through keylogging functionality, and the ability to unlock devices using previously stolen PINs or passwords.
- Task Scheduling: The updated Chameleon variant introduces task scheduling using the AlarmManager, allowing the malware to perform unauthorized actions on the user's behalf at specific times.
These new features make the Chameleon malware more sophisticated and adaptable, posing a significant threat to the mobile security landscape. It is essential to maintain robust cybersecurity measures to mitigate the risk of malware delivery and social engineering attacks.
IoC
SHA256
- 0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6
- 2211c48a4ace970e0a9b3da75ac246bd9abaaaf4f0806ec32401589856ea2434
TAGS
android, chameleon, zombinder, device takeover, trojan, html page, chameleon banking