Date: 2023-12-21

A new variant of the Chameleon banking malware has been discovered by cybersecurity researchers, indicating an expansion of its target regions to include the United Kingdom and Italy. This evolved version of the malware, capable of executing Device Takeover (DTO) attacks using the accessibility service, demonstrates increased resilience and advanced features, according to Dutch mobile security firm ThreatFabric.

Previously, Chameleon had primarily targeted users in Australia and Poland, utilizing phishing pages that impersonated legitimate institutions like the Australian Taxation Office and a cryptocurrency trading platform. However, the latest findings reveal that the banking trojan is now being distributed via Zombinder, a dropper-as-a-service (DaaS) that binds malicious payloads to genuine apps. This method allows the malware to bypass Android’s ‘Restricted Settings’ feature and gain access to the accessibility service.

One notable enhancement in the new variant is its ability to perform Device Takeover (DTO) fraud, enabling unauthorized actions on victims’ devices. To convince users to enable the accessibility service, the malware checks the Android version and prompts users to activate it if it detects Android 13 or later.

Additionally, the updated version employs Android APIs to disrupt the biometric operations of the targeted device, transitioning the lock screen authentication to a PIN. This technique allows the malware to unlock the device at will using the accessibility service.

The emergence of the Chameleon banking trojan highlights the sophisticated and adaptable nature of threats within the Android ecosystem, as cybercriminals continually evolve their tactics to overcome security measures. Recent research by Zimperium further revealed that 29 malware families, including 10 new ones, targeted over 1,800 banking applications across 61 countries in the past year. Traditional banking applications were the primary target, accounting for 61% of the total, followed by emerging FinTech and trading apps.

It is crucial for Android users to remain vigilant and employ robust security measures to protect their devices and sensitive information. Regularly updating devices to the latest Android version and installing reliable antivirus software can help mitigate the risk of falling victim to banking trojans like Chameleon.