Security researchers have found a new version of the ‘Chameleon Trojan’ malware that can disable biometric authentication methods like fingerprint and face unlock to steal your phone’s PIN.
According to ThreatFabric, a cybersecurity company that has been tracking the malware since its discovery earlier this year, Chameleon Trojan attaches itself to legitimate Android apps like Google Chrome to avoid detection and runs its code in the background.
A recent report by Bleeping Computer also says that the threat actors working on the malware claim that Chameleon Trojan bundles are undetectable at runtime, allowing them to bypass Google Play Protect alerts and security software running on the device.
On Android 12 and previous versions, the malware uses the Accessibility service to gain unauthorised access but works a bit differently on newer versions of the operating system due to Google’s new security restrictions.
Since the ‘accessibility service’ is locked behind a new ‘Restricted setting’ option, Chameleon Trojan shows an HTML page with instructions on how to enable the service for the app, allowing it to bypass the device’s security mechanisms.
It steals on-screen content, grants itself more permissions and can even navigate using gestures to capture any PINs and passwords users enter to unlock the device. Chameleon Trojan then uses the stolen PIN to unlock the device in the background and steal more sensitive information like credit card passwords, login credentials and more.
Researchers also say that the malware collects information on app usage habits to determine when the user is using their device and launch attacks when they are least likely to use it.
To protect yourself from the Chameleon Trojan, avoid installing Android apps from unofficial sources, refrain from enabling the ‘Accessibility service’ for unknown apps, run regular security scans, and keep Google Play Protect enabled.
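One way to check a device against the advice on the Accessibility service, as an added example that is not from ThreatFabric or the original article: the script below lists enabled accessibility services whose package was not installed from Google Play. The input formats of the two adb commands are assumed as noted in the comments, and the package names in the sample data are constructed.

```python
# Assumed input: the text output of these two adb commands
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def parse_enabled_services(raw):
    """Return [(package, service_class)] from the colon-separated setting."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    services = []
    for component in raw.split(":"):
        if "/" not in component:
            continue  # skip malformed entries
        pkg, cls = component.split("/", 1)
        services.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return services

def parse_installers(raw):
    """Map package -> installer from 'package:<name>  installer=<name>' lines."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(services_raw, installers_raw):
    """Return accessibility services whose package did not come from a trusted store."""
    installers = parse_installers(installers_raw)
    findings = []
    for pkg, cls in parse_enabled_services(services_raw):
        source = installers.get(pkg)
        if source not in TRUSTED_INSTALLERS:
            findings.append((pkg, cls, source or "unknown/sideloaded"))
    return findings

# Constructed sample output (hypothetical package names, not real indicators)
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.browserupdate/com.example.browserupdate.Svc")
SAMPLE_INSTALLERS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.browserupdate  installer=null
"""

if __name__ == "__main__":
    for pkg, cls, source in audit(SAMPLE_SERVICES, SAMPLE_INSTALLERS):
        print(f"REVIEW: {pkg} ({cls}) installed by {source}")
```

Preinstalled system apps can also report no installer, so treat each finding as a candidate for manual review rather than a confirmed infection.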