New Android malware
The risks associated with cyberspace are not always obvious, much like in the real world. Often, what seems safe and comfortable conceals a cunning imposter who is just waiting to take advantage. This is the situation with the recently found malware known as the Chameleon Android banking trojan, so named because of its capacity for disguising itself. Put differently, it's an Android trojan that can change its shape and bypass security to steal passwords and PINs.
ThreatFabric's cybersecurity experts claim that this new trojan isn't totally original. It first appeared in the beginning of 2023, but it has since changed, losing its former appearance and revealing a more sophisticated and cunning version. The most recent version of Chameleon, according to researchers, uses a clever technique to compromise devices. Specifically, it makes use of a devious HTML page trick that allows unauthorised access to users' most private data.
Imagine a chameleon that blends in perfectly with its environment. That is the way this malware functions. It is delivered via the Zombinder service and poses as genuine apps, in this case, Google Chrome. By attaching malware to legitimate apps, Zombinder allows you to continue using the app while the malicious code remains hidden from most antivirus programs.
After Chameleon has landed on your device, it uses several techniques to gain unauthorized access. With the help of a phony HTML page, it deceives users on Android 13 and later into activating the Accessibility service, which gives the malware access to gesture control, additional permissions, and on-screen content.
By using the Accessibility service, the malware deftly gets around the "Restricted setting" security feature and biometric authentication, capturing entered data. Furthermore, it employs the AlarmManager API to schedule actions based on the accessibility status, so that it can launch timely overlay attacks to steal data or gather information about app usage.
What are the risks?
Financial theft: It has the ability to steal your bank account information, putting your private financial data at risk and resulting in dire financial repercussions.
Unauthorized access: Chameleon is capable of gaining complete control over your devices by using passwords and PINs that have been stolen. This effectively gives bad actors control over your digital devices and makes it possible for unauthorised transactions and sensitive data theft.
Breach of privacy: Your personal messages, app usage, and online activity are all exposed by the theft. This information is susceptible to being monitored and stolen by Chameleon, making you a target for identity theft and other online crimes.
Users are recommended to follow several important guidelines in order to protect themselves against the Chameleon threat and related Android malware. The first piece of advice is to stay away from downloading APKs (Android package files) from unofficial sources, as this is mostly how apps bundled by the Zombinder service are distributed. Choose trustworthy app stores to reduce the possibility of coming across harmful software.
Additionally, make sure Google Play Protect is always turned on on your Android phone. As a built-in defense mechanism, Play Protect looks for possible dangers in apps. Also, to find and get rid of any malware or adware, run routine security scans on your device with reliable antivirus software.