ThreatFabric, a Dutch company specializing in cybersecurity, has raised the alarm: a new version of the Chameleon malware is spreading online, demonstrating surprising abilities to circumvent biometric authentication.
The banking trojan in question is active on Android and is causing numerous infections in various countries, including in Europe. The original version of Chameleon was spotted last April by Cyble, with some cases recorded in countries such as Poland and Australia.
According to ThreatFabric experts, the malware has received a notable update compared to the past, also thanks to the use of a technique known as Device Takeover (DTO), which allowed greater spread of the malware.
Another difference between the previous version and the current one is the distribution vector. Where phishing sites were used before, a Dropper-as-a-Service (DaaS) known as Zombinder is now used instead; it is sold on clandestine forums and can be integrated with legitimate apps to facilitate its diffusion.
Chameleon bypasses biometric authentication and takes possession of your Android smartphone
As explained by ThreatFabric experts, Chameleon analyzes the operating system on the infected device to find the best way to enable the accessibility service, then acts on the Android API to stop biometric device authentication. Once the trojan obtains all this, it can unlock the device at will, gaining full control over it.
As already mentioned, however, what concerns us most directly is its diffusion. Europe, with 44 malicious apps modified to spread Chameleon, is second only to the United States (109 apps) and the United Kingdom (48). All this shows how, despite the great efforts of Google, the Android ecosystem remains particularly susceptible to malware campaigns.
On a practical level, to avoid unpleasant surprises, it is advisable to only download apps verified by Google Store and protect your device with appropriate tools.