ua en ru

Android virus Chameleon Banking learns to bypass fingerprint unlock

Android virus Chameleon Banking learns to bypass fingerprint unlock Illustrative photo (freepik.com)

At the beginning of 2023, a serious threat to Android users emerged with the Chameleon Banking Trojan. Now, a new version of the malware has appeared, which has "learned" to disable the fingerprint scanner on Android to steal personal data.

RBC-Ukraine reports what is known about the Chameleon virus and how to protect against the Trojan.

Sources used during preparing the material: ThreatFabric, SiliconANGLE.

Key points about Chameleon Banking

In January 2023, the Chameleon Banking Trojan began infiltrating the Android ecosystem, focusing on users in Poland and Australia.

This malware used various distribution methods (preferring to disguise itself as legitimate apps) and demonstrated high adaptability.

The banking Trojan showed a high ability to manipulate the user's device, performing actions on behalf of the victim and capturing either the account or the entire gadget.

Android virus Chameleon Banking learns to bypass fingerprint unlock

Infographics: threatfabric.com

Updated version of Chameleon

The updated version of the Chameleon virus for Android is spreading through the Zombinder service—a set of apps that masquerade as the popular Google Chrome browser.

Experts from ThreatFabric, a company specializing in mobile security research and analysis, found that Zombinder essentially "attaches" malicious software to regular Android apps.

After users download the selected app (unaware that they have infected their smartphone), they are asked to change accessibility settings on a fake HTML page (which looks like a settings section).

This allows the Trojan to change the phone's lock method from biometric to a PIN code (disabling the fingerprint scanner).

When attempting to unlock the smartphone using the fingerprint, the hardware issues an error and prompts the user to enter a digital password.

After unlocking the device using this method, the malware gains almost complete access to the phone and the user's personal data, including passwords.

Android virus Chameleon Banking learns to bypass fingerprint unlock

Chamelon turns off the fingerprint scanner (threatfabric.com)

How to protect your gadget from the Trojan

According to experts, the new Chameleon virus "works" on smartphones with Android 13 and earlier versions of the operating system.

At the same time, it has expanded its "geography," with some considering the UK and Italy as target regions for the malware.

To protect your smartphone, users are advised to:

  • Enable the Play Protect service from Google.

  • Avoid downloading files and apps from unofficial sources.

  • Avoid installing apps through APK files (the format for Android application archive files).

  • Exercise caution with all downloads and apps.

Additionally, we previously discussed 10 features that Android could borrow from the iPhone. Also, learn how artificial intelligence is used for fraud and what can be done about it.