A new Android banking Trojan called Chameleon has been spotted, and it specifically targets Android users to steal their cash from banking and financial apps. The malware tricks victims into granting it permissions by pretending to be a legitimate app, and can then monitor how the phone is being used and intercept credentials.
The most concerning thing about Chameleon is that it bypasses a new “restricted setting feature” introduced in Android 13, which allows the user to decide which apps can access certain features and settings on the device. The malware tricks the victim into granting access to the “restricted setting feature” without the user’s consent, and it can disable biometric security features such as facial recognition and fingerprint scanners, ultimately taking control of the device.
The Chameleon Trojan uses a fake lock screen to trick users into entering their PIN, ultimately granting access to the phone and banking and financial apps, as well as obtaining other personal information. This enables the malware to send money to the attackers’ accounts or purchase goods online without the user’s knowledge.
There is an “improved” version of the Chameleon Trojan that opens an HTML webpage and requests permission from users to change their accessibility settings. This “improvement” helps the attackers avoid detection by scheduling tasks and exploiting the victim’s device when it isn’t usually being used.
To protect your Android phone, avoid sideloading apps from third-party app stores and stick to the Google Play Store or the Samsung Galaxy Store if you have a Galaxy-branded device. Ensure that your Android phone is running the latest version of Android and install any pending updates. Since the Chameleon Trojan uses a keylogger to record passwords, change the passwords for all of your apps, starting with the financial apps. Use strong and unique passwords, and change them from a trusted device like your PC or Mac rather than on the infected phone. Check online accounts for unusual activity and monitor your credit reports for signs of identity theft or fraud. If your banking and credit card information appears to be compromised, inform the banks and credit card companies immediately.
You can ensure that your device has no traces of malware left by performing a factory reset, but make sure to back up your device before doing so and restore it using a trusted device. Although it may not be ideal, a factory reset could help protect your financial accounts from being drained.