Security researchers at Threat Fabric have discovered a new variant of the Android banking trojan Chameleon. This new variant supports new device takeover capabilities that include the ability to bypass biometric prompts.
Chameleon emerged as a threat in January 2023. It was distributed using various methods to infiltrate Android devices. The initial focus of the banking trojan were users in Poland and Australia.
The trojan targeted banking apps primarily and was distributed through phishing websites by disguising itself as legitimate applications. In Poland, Chameleon disguised itself as legitimate banking apps while it claimed to be an official app of the Taxation Office in Australia.
The new variant of Chameleon takes things a step further. Besides targeting Android users in the United Kingdom and Italy as well, it is equipped with new capabilities that make it even more dangerous.
Threat Fabric explains that the new variant likes to disguise it as Google Chrome, the world's most popular web browser. The variant supports two new capabilities.
The first, HTML Prompt to Enable Accessibility Service, responds dynamically to Android 13 devices with applied restrictions on applications. It displays an HMTL page to users in this case that prompts them to enable Accessibility services. The step is of utmost importance, as Chameleon relies on the Accessibility service to run its device takeover attacks.
The researchers explain: "Upon receiving confirmation of Android 13 Restricted Settings being present on the infected device, the banking trojan initiates the loading of an HTML page. The page is guiding users through a manual step-by-step process to enable the Accessibility Service on Android 13 and higher. The visual representation below provides an overview of the new Chameleon variant's adaptation in response to the Android 13 environment."
The second major feature of the new Chameleon variant is its ability to interrupt biometric operations on infected devices. The core idea behind this feature is to switch from biometric authentication, for instance via a fingerprint, to Pin-based authentication.
This allows the trojan to capture the user's PIN, password or pattern. These may then be used by the trojan to unlock device.
Another improved feature uses Task Scheduling using the AlarmManager API. The trojan implements a dynamic approach again. In essence, it enables the trojan to determine the foreground app. It needs the information to determine whether it will display overlays and inject activity.
The researchers note that attacks rely on the distribution of Android APK files through third-party sources. There is clearly no need to download Google Chrome or other important applications from a third-party source.
The new trojan may target specific regions primarily, but it is clear that operations will expand to other regions in the future.
Now You: do you download and install APK files from third-party sources?
Just over a year ago, Apple Intelligence was announced. It continues to be somewhat of a ‘meh’ affair compared to other rival products like Microsoft’
What’s happened? A supposed GPT-5 system prompt leaked via Reddit and GitHub this weekend. The prompt reveals the exact rules given to ChatGPT for int
articiOver the past few years, AI has gone from limited chatbots to suddenly dominating the news cycle every single day. There are a range of AI chatb
OpenAI released a paper last week detailing various internal tests and findings about its o3 and o4-mini models. The main differences between these ne
Although the entire AI boom was triggered by just one ChatGPT model, a lot has changed since 2022. New models have been released, old models have been
ChatGPT usage is more prevalent than ever, and its current model offers a monthly subscription of $20 for ChatGPT Plus or the mind-boggling steep $200
Nearly two billion people across the world suffer from a blood condition called anemia. People living with anemia have a lower than average number of
The idea of a truly helpful digital assistant has caught more steam ever since products like ChatGPT landed on the scene. Google’s Gemini has inched p
We are a comprehensive and trusted information platform dedicated to delivering high-quality content across a wide range of topics, including society, technology, business, health, culture, and entertainment.
From breaking news to in-depth reports, we adhere to the principles of accuracy and diverse perspectives, helping readers find clarity and reliability in today’s fast-paced information landscape.
Our goal is to be a dependable source of knowledge for every reader—making information not only accessible but truly trustworthy. Looking ahead, we will continue to enhance our content and services, connecting the world and delivering value.
