Chameleon Trojan

Chameleon Trojan mind map
Recent News
New variant discovered
First detected early 2023
To steal credentials
Mimics legitimate apps
Bypasses biometric security
Disables biometric authentication
Collects sensitive information
Tracks app usage habits
Uses Accessibility service
Initially Australia, Poland
Expanded to UK, Italy
Online fraud detection firm
Embeds in Android apps
Operates in background
Shows HTML page for Accessibility service
Employs stolen PIN
Steals credit card details, login credentials
High risk for Android users
Way Forward
Avoid unofficial app sources
Do not enable Accessibility service for unknown apps
Run regular security scans
Keep Google Play Protect enabled

The Chameleon Trojan is a newly identified variant of Android banking malware first detected in early 2023. It’s known for its ability to mimic legitimate apps, thereby bypassing biometric security measures like fingerprint and face unlock to steal phone PINs and other sensitive information. Initially targeting Australia and Poland, its reach has expanded to the UK and Italy. ThreatFabric, an online fraud detection firm, has been closely monitoring this evolving threat. The Trojan operates by embedding itself in legitimate Android apps like Google Chrome, running undetected in the background. It employs various tactics such as using the Accessibility service to gain unauthorized access and employing stolen PINs to unlock devices and steal data like credit card details and login credentials. To protect against this malware, users are advised to avoid unofficial app sources, refrain from enabling the Accessibility service for unknown apps, run regular security scans, and keep Google Play Protect enabled.

Related Posts

Notify of
Inline Feedbacks
View all comments
Home Courses Plans Account