"Chameleon Android Trojan: Stealing PINs by Bypassing Biometric Authentication"
Originally Published 2 years ago — by The Hacker News
A new variant of the Android banking malware called Chameleon has been discovered, expanding its targeting to users in the U.K. and Italy. This evolved version of Chameleon excels in executing Device Takeover (DTO) using the accessibility service and is now being delivered via Zombinder, a dropper-as-a-service. The malware masquerades as the Google Chrome web browser and tricks users into enabling the accessibility service by checking the Android version on the device. It also disrupts biometric operations by transitioning the lock screen authentication mechanism to a PIN, allowing the malware to unlock the device at will. This development highlights the sophisticated and adaptive nature of the Android threat landscape.