News Excerpt:

A potent variant of the Chameleon Trojan malware is threatening Android users by disabling biometric defences and exposing PINs. 

About ‘Chameleon Trojan’ malware:

• It poses a substantial risk as it can disable even fingerprint and face lock features, to access sensitive information sneakily.
• The malware strategically attaches itself to legitimate Android applications, such as the widely used Google Chrome, effectively avoiding immediate detection. 
• Chameleon Trojan’s modus operandi varies depending on the Android version. On Android 12 and prior iterations, the malware exploits the Accessibility service for unauthorised access. 
• However, with the implementation of Google’s enhanced security restrictions on newer versions, Trojan has adapted its tactics.
• As the ‘accessibility service’ becomes inaccessible behind a ‘Restricted setting,’ Chameleon Trojan employs a deceptive HTML page. 
• This page provides instructions on enabling the service for the designated app, thereby bypassing the device’s security protocols.
• The malware actively pilfers on-screen content, elevates its permissions, and utilises gestures to navigate the device. 
• By capturing entered PINs and passwords, the Trojan gains unauthorised access, paving the way for the theft of sensitive information such as credit card details and login credentials.
• The malware collects data on users’ app usage habits, determining optimal periods for launching attacks when users are least likely to be actively engaged with their devices.

Way forward:

• To mitigate the risk posed by Chameleon Trojan, cybersecurity experts advocate for a cautious approach. 
• Users are strongly advised against installing Android apps from unofficial sources. 
• They should refrain from enabling the ‘Accessibility service’ for unfamiliar applications.