2024-09-18 10:22:32
Recently, cybersecurity researchers have revealed an updated version of the Android banking malware known as ChameleonThis version has expanded its attacks, now including users in the UK and Italy.
The Evolution of Chameleon: A More Structured and Dangerous Malware
Dutch mobile security firm ThreatFabric has reported that Chameleon, originally documented by Cyble in April 2023, has evolved in its ability to perform Device Takeover (DTO) via the company’s accessibility service. Android.
This evolution represents a serious threat to the Android users, highlighting the growing sophistication of banking malware.
Chameleon Distribution and Deception Methods
Zombinder: The Chameleon Delivery Vehicle
One of the new developments in the spread of this malware is its delivery through Zombinder, a dropper as a service (DaaS).
This method allows malicious payloads to be bundled with legitimate applications, significantly increasing the chances of tricking users.
Fraud through Fake Apps
Previous versions of this malware were hosted on phishing pages and disguised as genuine institutions, such as the Australian Taxation Office (ATO) and CoinSpot.
These methods of deception have been a constant in the distribution of malware.
Advanced Features of the Chameleon Variant
New Tactics for Greater Effectiveness
The updated Chameleon now checks the device’s Android version and prompts users to enable the accessibility service, especially on devices running Android 13 or higher.
This feature underlines the importance of user awareness about the permissions granted to applications.
Biometric Operations Disruption
Another notable addition in this malware is its ability to alter biometric authentication mechanisms, showcasing the adaptability and dangerousness of the malware.
Chameleon Protection and Prevention
The Role of Google Play Protect
Despite the threat posed by Chameleon, Google has assured that its function Play Protectenabled by default on devices with Google Play Services, provides protection against these types of threats.
Global Context of Malware in Banking Applications
Zimperium’s report highlights that 29 malware families, including 10 new ones, have attacked 1,800 banking apps in 61 countries in the past year.
This shows that beyond Chameleon, the global threat landscape for banking applications is vast and constantly evolving.
Main Countries and Target Applications
Banking and financial applications from countries such as the United States, the United Kingdom, Italy and Australia are the main victims of these attacks, with an increasing focus on emerging FinTech and Trading applications.
The emergence and evolution of Chameleon reflects an increasingly complex and sophisticated cybersecurity landscape.
For Android users, it is vital to stay informed and be cautious about the apps they download and the permissions they grant.
By: CEO Venezuela