The Android malware known as Chameleon disables the fingerprint or face unlock feature and uses your stolen personal identification number (PIN), according to TechRadar.
According to cybersecurity researchers from ThreatFabric, this malicious program has evolved to give attackers the ability to disable the fingerprint unlock feature and steal users’ personal identification code.
Chameleon is similar to other banking malware that exploits a flaw in Android’s Accessibility service to steal sensitive information and launch sophisticated attacks.
This new version comes with two notable changes: the ability to defraud by hijacking the PIN on the device, and the ability to change the lock screen to use the captured PIN instead of the face or fingerprint feature.
With the first new capability, the malware first checks whether the operating system is Android 13 or later. If so, it prompts the user to turn on accessibility services and even guides them through the process; once that is completed, it performs unauthorized actions on the user’s behalf.
Theft of personal identification (PIN) codes
ThreatFabric researchers said: “When confirmation of the existence of Android 13 system settings on the affected device is received, the banking malware starts loading an HTML page,” adding that the page “guides users through a manual step-by-step process to enable the Accessibility service for newer versions on Android 13.”
With the second new capability, Chameleon uses Android APIs to quietly change the lock screen authentication mechanism to a PIN, allowing the malware to unlock the phone without the user knowing. For this feature to work, accessibility services must also be granted.
“The new version of the Chameleon program is another example of the evolution and adaptability of threats within the Android ecosystem,” the company said.
The new version of the malware has also expanded its reach, moving from Australia and Poland to other regions including the UK and Italy.
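
Because both new capabilities depend on the Accessibility service being granted, a defender can audit which apps currently hold it. The following is an added example, not code from ThreatFabric or TechRadar: it parses the value returned by `adb shell settings get secure enabled_accessibility_services` and flags any package outside an allowlist. The allowlist contents and the sample value are constructed for illustration.

```python
# Added example: audit the Android secure setting that lists enabled
# accessibility services. Allowlist and sample input are constructed.

# Assumption: packages your organisation expects to hold accessibility access.
ALLOWLIST = {"com.google.android.marvin.talkback"}

# Constructed sample of the setting value (colon-separated components).
SAMPLE = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.unknownapp/com.example.unknownapp.HelperService"
)


def parse_enabled_services(raw):
    """Return [(package, service_class)] from the raw setting value."""
    raw = (raw or "").strip()
    if raw in ("", "null"):  # the settings command prints "null" when unset
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        if "/" not in entry:
            # Malformed entry: keep it visible instead of dropping it.
            services.append((entry, ""))
            continue
        package, cls = entry.split("/", 1)
        if cls.startswith("."):  # short form: class is relative to package
            cls = package + cls
        services.append((package, cls))
    return services


def unexpected_services(raw, allowlist=ALLOWLIST):
    """Return enabled accessibility services whose package is not allowlisted."""
    return [(p, c) for p, c in parse_enabled_services(raw) if p not in allowlist]


if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE):
        print(f"review: {package} has accessibility service {cls or '<malformed>'}")
```
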