"New Chameleon Android Malware Mimics Bank, Govt, and Crypto Apps"

Since the start of the year, a new Android Trojan called Chameleon has been targeting users in Australia and Poland by imitating the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank. The cybersecurity company Cyble discovered the mobile malware and reported its distribution, which is through compromised websites, Discord attachments, and Bitbucket hosting services. Chameleon includes various malicious capabilities, such as stealing user credentials via overlay injections and keylogging, cookies, and SMS texts from an infected device. Chameleon is an emerging threat, with future variants expected to include additional features and capabilities. Therefore, Android users are advised to exercise caution when installing apps on their devices, to only download software from official stores, and to keep Google Play Protect enabled at all times. This article continues to discuss researchers' findings and observations regarding the new Chameleon Android Trojan. 

Bleeping Computer reports "New Chameleon Android Malware Mimics Bank, Govt, and Crypto Apps"