"Android Malware Chameleon Disables Fingerprint Unlock to Steal Pins"

The Chameleon Android banking trojan has resurfaced with a new version that disables fingerprint and face unlock in order to steal device PINs and take over devices. The technique involves using an HTML page trick to gain access to the Accessibility service and a method to disrupt biometric operations. Earlier Chameleon versions discovered in April this year impersonated Australian government agencies, banks, and the CoinSpot cryptocurrency exchange. They conducted keylogging, overlay injection, cookie theft, and SMS theft on compromised devices. ThreatFabric researchers who have been tracking the malware report that it is currently being distributed through the Zombinder service, posing as Google Chrome. According to researchers, Zombinder "glues" malware to legitimate Android apps, allowing victims to experience full functionality and making it less suspicious. This article continues to discuss findings regarding the new version of the Chameleon Android banking trojan.

Bleeping Computer reports "Android Malware Chameleon Disables Fingerprint Unlock to Steal Pins"

Submitted by grigby1

Submitted by Gregory Rigby on