New Android ‘Chameleon’ Trojan Malware

News Excerpt:

A potent variant of the Chameleon Trojan malware is threatening Android users by disabling biometric defences and exposing PINs. 

About ‘Chameleon Trojan’ malware:

  • It poses a substantial risk because it can disable even fingerprint and face unlock features in order to access sensitive information covertly.
  • The malware strategically attaches itself to legitimate Android applications, such as the widely used Google Chrome, effectively avoiding immediate detection.
  • Chameleon Trojan’s modus operandi varies depending on the Android version. On Android 12 and prior iterations, the malware exploits the Accessibility service for unauthorised access. 
    • However, with the implementation of Google’s enhanced security restrictions on newer versions, the Trojan has adapted its tactics.
  • As the ‘accessibility service’ becomes inaccessible behind a ‘Restricted setting,’ Chameleon Trojan employs a deceptive HTML page.
    • This page provides instructions on enabling the service for the designated app, thereby bypassing the device’s security protocols.
  • The malware actively pilfers on-screen content, elevates its permissions, and utilises gestures to navigate the device. 
  • By capturing entered PINs and passwords, the Trojan gains unauthorised access, paving the way for the theft of sensitive information such as credit card details and login credentials.
  • The malware collects data on users’ app usage habits, determining optimal periods for launching attacks when users are least likely to be actively engaged with their devices.

Way forward:

  • To mitigate the risk posed by Chameleon Trojan, cybersecurity experts advocate for a cautious approach. 
  • Users are strongly advised against installing Android apps from unofficial sources. 
  • They should refrain from enabling the ‘Accessibility service’ for unfamiliar applications.
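
The two recommendations above can be checked on a device. The following is an added example, not part of the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and lists apps that have an accessibility service enabled but were not installed by a trusted store. The sample outputs, the package name `com.example.sideloaded` and the trusted-installer list are constructed assumptions.

```python
# Added example: audit which apps hold an enabled accessibility service.
# Sample strings below are constructed, not captured from a real device.

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

def parse_enabled_services(raw):
    """Return the package that owns each enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":      # setting is unset when nothing is enabled
        return []
    # Value is a colon-separated list of components: package/serviceClass
    return [comp.split("/", 1)[0] for comp in raw.split(":") if comp]

def parse_installers(raw):
    """Map package name -> installer package (None if not recorded)."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        pkg = fields[0][len("package:"):]
        value = next((f[len("installer="):] for f in fields[1:]
                      if f.startswith("installer=")), "null")
        installers[pkg] = None if value == "null" else value
    return installers

def flag_untrusted_accessibility(services_raw, packages_raw):
    """Return (package, installer) pairs that deserve a manual look.
    Preinstalled apps can also show no installer, so hits are items
    to review, not a verdict."""
    installers = parse_installers(packages_raw)
    return [(pkg, installers.get(pkg))
            for pkg in parse_enabled_services(services_raw)
            if installers.get(pkg) not in TRUSTED_INSTALLERS]

SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.sideloaded/com.example.sideloaded.A11yService")
SAMPLE_PACKAGES = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:com.android.chrome  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, inst in flag_untrusted_accessibility(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg} has accessibility enabled, installer={inst}")
```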
