News Excerpt:
A potent variant of the Chameleon Trojan malware is threatening Android users by disabling biometric defences and exposing PINs.
About ‘Chameleon Trojan’ malware:
- It poses a substantial risk because it can disable even fingerprint and face lock features, letting it access sensitive information covertly.
- The malware strategically attaches itself to legitimate Android applications, such as the widely used Google Chrome, effectively avoiding immediate detection.
- Chameleon Trojan’s modus operandi varies depending on the Android version. On Android 12 and prior iterations, the malware exploits the Accessibility service for unauthorised access.
- However, with the implementation of Google’s enhanced security restrictions on newer versions, the Trojan has adapted its tactics.
- As the ‘accessibility service’ becomes inaccessible behind a ‘Restricted setting,’ Chameleon Trojan employs a deceptive HTML page.
- This page provides instructions on enabling the service for the designated app, thereby bypassing the device’s security protocols.
- The malware actively pilfers on-screen content, elevates its permissions, and utilises gestures to navigate the device.
- By capturing entered PINs and passwords, the Trojan gains unauthorised access, paving the way for the theft of sensitive information such as credit card details and login credentials.
- The malware collects data on users’ app usage habits, determining optimal periods for launching attacks when users are least likely to be actively engaged with their devices.
Way forward:
- To mitigate the risk posed by Chameleon Trojan, cybersecurity experts advocate for a cautious approach.
- Users are strongly advised against installing Android apps from unofficial sources.
- They should refrain from enabling the ‘Accessibility service’ for unfamiliar applications.
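The two recommendations above can be checked on a device. The following is an added example, not part of the original excerpt: it lists apps that hold the Accessibility service and flags those not installed from a trusted store. The sample outputs and the `com.example.*` package names are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
# Added example: audit apps holding the Accessibility service by install source.
# The sample inputs are constructed; on a real device they come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.browser.update/.core.HelperService")
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.browser.update  installer=null
package:com.example.notes  installer=com.android.vending
"""

def parse_enabled_services(raw):
    """Return package names from the colon-separated 'pkg/ServiceClass' list."""
    raw = raw.strip()
    if not raw or raw == "null":      # nothing enabled
        return []
    pkgs = []
    for comp in raw.split(":"):
        pkg = comp.split("/", 1)[0].strip()
        if pkg and pkg not in pkgs:   # one app may register several services
            pkgs.append(pkg)
    return pkgs

def parse_installers(raw):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(a11y_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Return (package, source) pairs with Accessibility enabled and an untrusted source."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg in parse_enabled_services(a11y_raw):
        src = installers.get(pkg)
        if src not in trusted:
            findings.append((pkg, src or "unknown/sideloaded"))
    return findings

if __name__ == "__main__":
    for pkg, src in audit(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"REVIEW: {pkg} has Accessibility enabled, installer={src}")
```

Preinstalled system apps can also report no installer, so a flagged entry is a prompt for review rather than proof of infection.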