Chameleon: The Android Banking Trojan Evolving to Threaten the U.K. and Italy

In the evolving world of cybersecurity, a menacing new threat has reared its head. Cybersecurity experts have caught wind of an advanced variant of Chameleon, an Android banking Trojan notorious for its stealth and cunning. This cunning malware undermines the security of countless mobile banking users, now expanding its nefarious reach to the U.K. and Italy.

Early in April 2023, Chameleon was on the radar for attacks in Australia and Poland. The threat leveraged Android’s accessibility service, a tool designed to aid users but repurposed for malice. It performed overlay attacks, stealing sensitive data right under the users’ noses. Initially, this Trojan slithered into devices via fraudulent apps, cunningly masquerading as legitimate ones. Yet, the malware has evolved.

Chameleon’s new guise is even more sinister. It arrives clandestinely, using Zombinder, a notorious dropper-as-a-service. Zombinder binds malevolent payloads to genuine-looking apps, smuggling in the Trojan without raising alarms. The updated Chameleon can now disrupt biometric authentication, a feature once considered secure against such threats. It ingeniously prompts unsuspecting victims to grant accessibility permissions, escalating its attack capabilities on Android 13 devices.

In addition to its DTO fraud, Chameleon has developed a chilling ability to bypass biometric security checkpoints. When it executes the “interrupt_biometric” command, it switches biometric authentication to PIN entry. The malware uses the AccessibilityEvent action to forcibly transition from biometrics, as detailed in reports from security firms like ThreatFabric.

The spread of this Trojan far exceeds a single application or region. Zimperium’s startling revelations show that 29 malware families have impacted an astounding 1,800 banking applications across 61 countries. It’s a leap from the previous year, where far fewer were under siege.

But Chameleon’s ambitions don’t stop at traditional banking apps. The Trojan also targets FinTech and Trading apps, expanding the perimeter of its attack. The United States tops the list as the most targeted, but the threat is universal, affecting institutions from Turkey to Brazil.

In the face of this growing threat, Zimperium emphasizes the critical need for immediate and sophisticated mobile security. Their Mobile Application Protection Suite is at the forefront, providing a shield in the relentless battle against mobile banking heists.

For individuals and enterprises alike, the message is clear: a proactive and adaptive stance is necessary against such sophisticated cyber adversaries. Now more than ever, due diligence in cybersecurity practices is not just advisable; it’s imperative.