Chameleon Android malware can now bypass fingerprint security to steal info

Chameleon can now get past fingerprint security and force the use of a PIN to break into banking and crypto apps.

As technology advances, so does malware, and one strain can now get around one of the toughest security measures on Android. This is the Chameleon malware, known for hiding quietly inside a device while stealing information.

Chameleon was first detected earlier this year and was only known to affect users in Australia and Poland. At that time, the malware had limited capabilities and could be countered by some mobile security measures.

However, the malware has evolved into something more dangerous: it can now bypass one of the strongest mobile security measures, the fingerprint biometric. Fingerprint authentication ranks higher than a PIN, and some apps, services, or mobile functions grant access by fingerprint only.

How Chameleon Bypasses Fingerprint Security

Researchers at ThreatFabric identified two new capabilities of Chameleon. First, it has extended its reach: it has now been found in Italy and the UK. This means the malware can spread to even more territories.

Second, it can now bypass fingerprint security by forcing the use of a PIN. The malware uses the KeyguardManager API and AccessibilityEvent to check the device's security measures, and then uses AccessibilityEvent to favor PIN authorization. This is significant because a user may not realize that an attack is happening, since the PIN still works.

What Does Chameleon Do?

Once it takes control of the device, it can easily gather the user information needed to log in to banking and crypto apps. Threat actors can steal data from those apps, leaving users confused about what happened despite the security measures in place.

How to Counter Chameleon?

Never download apps from third-party sources. Always download your apps from the Google Play Store.

According to a report, the Play Store’s Play Protect security feature protects Android users from the Chameleon malware.

If you do get apps elsewhere, be aware that Chameleon typically disguises itself as a harmless Chrome browser. On close inspection, this impostor includes “com.busy.lady” in its package.

If you can’t get rid of it, you may need to reset your phone completely to restore the factory apps that came with your device. You can also try antivirus apps to see whether they work on this elusive malware.
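
The package check described above can be scripted. This is an added example, not code from the article or from ThreatFabric: it scans `adb shell pm list packages` output for the “com.busy.lady” string and raises the severity when a matching package also owns an enabled accessibility service. It assumes the string appears in the installed package name; the sample data and the `org.example.*` and service class names are constructed.

```shell
#!/bin/sh
# Added example, not from the article. All sample data is constructed.
INDICATOR="com.busy.lady"   # string quoted in the article

# Constructed sample of `adb shell pm list packages` output.
SAMPLE_PACKAGES='package:com.android.chrome
package:org.example.notes
package:com.busy.lady'

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# (colon-separated package/class entries; class names are made up).
SAMPLE_A11Y='org.example.reader/.ReaderService:com.busy.lady/.ExampleService'

# stdin: `pm list packages` output -> package names containing the indicator.
match_packages() {
  tr -d '\r' | sed -n 's/^package://p' | grep -F -- "$INDICATOR" || true
}

# stdin: enabled_accessibility_services value -> owning package names.
accessibility_owners() {
  tr -d '\r' | tr ':' '\n' | sed -n 's#/.*$##p' | sort -u
}

# triage PACKAGES A11Y: print one finding per matching package.
# Returns 0 if the indicator was found, 1 otherwise.
triage() {
  hits=$(printf '%s\n' "$1" | match_packages)
  owners=$(printf '%s\n' "$2" | accessibility_owners)
  [ -n "$hits" ] || return 1
  printf '%s\n' "$hits" | while IFS= read -r p; do
    if printf '%s\n' "$owners" | grep -Fxq -- "$p"; then
      echo "HIGH $p installed, accessibility service enabled"
    else
      echo "MEDIUM $p installed"
    fi
  done
  return 0
}

# With --live, query a device attached over adb; otherwise use the samples.
if [ "${1:-}" = "--live" ]; then
  triage "$(adb shell pm list packages)" \
         "$(adb shell settings get secure enabled_accessibility_services)" \
    || echo "indicator not found"
else
  triage "$SAMPLE_PACKAGES" "$SAMPLE_A11Y" || echo "indicator not found"
fi
```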
