Our fingerprints are unique, with no two alike in the world, so most of us use them to unlock our devices and to access our e-banking. But that might no longer be so safe because of the Chameleon malware, which was released for Android and aims to bypass fingerprint unlocking to steal the device's PIN.
According to researchers at ThreatFabric, the malware tricks users into enabling accessibility services, which lets attackers turn off biometric unlocking so that the device asks the user only for the unlock PIN. It then records the PIN and passes it to the attacker. The application is a clone of well-known Android applications, with the difference that at some point an HTML page opens and asks users to open the accessibility settings. Once they do so, the malware disables security systems such as fingerprint unlocking. The user then enters their PIN, which, as we said, is recorded by the malware, just like any other code they use.

For example, if you log into your bank with your fingerprint disabled, you will have to enter your password, which will be obtained by the person behind the malware, along with your deposits.
“These enhancements elevate the sophistication and adaptability of the new Chameleon variant, making it a more potent threat in the ever-evolving landscape of mobile banking trojans,” ThreatFabric said.
BleepingComputer noticed that the main source of distribution of the new malware is APKs downloaded from unofficial sources, such as untrusted app stores or APK-sharing pages.
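
A defender's check that follows from the two points above (accessibility abuse and sideloaded APKs), as an added example that is not from ThreatFabric, BleepingComputer or this article's author: it lists enabled accessibility services whose app was not installed from a trusted store. The package names and sample outputs are constructed, and treating only Google Play as a trusted installer is an assumption.

```python
# Inputs: text captured from two adb commands run against the device under review:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i
# Assumption: only Google Play counts as a trusted installer; adjust as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(settings_output):
    """Return (package, component) pairs from the colon-separated setting."""
    text = settings_output.strip()
    if not text or text == "null":  # "null" means the setting is unset
        return []
    components = [c.strip() for c in text.split(":") if "/" in c]
    return [(c.split("/", 1)[0], c) for c in components]

def parse_third_party_installers(pm_output):
    """Map each third-party package to its installer (None if unknown)."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_sideloaded_services(settings_output, pm_output):
    """Return (component, installer) for services from untrusted installs."""
    installers = parse_third_party_installers(pm_output)
    findings = []
    for package, component in parse_enabled_services(settings_output):
        if package not in installers:
            continue  # preinstalled app, not in the third-party list
        if installers[package] not in TRUSTED_INSTALLERS:
            findings.append((component, installers[package]))
    return findings

# Constructed sample data (hypothetical package names, not real indicators).
SAMPLE_SETTINGS = (
    "com.example.reader/com.example.reader.ReadAloudService:"
    "com.example.browserclone/com.example.browserclone.HelperService"
)
SAMPLE_PM = """\
package:com.example.reader  installer=com.android.vending
package:com.example.browserclone  installer=null
"""
if __name__ == "__main__":
    print(flag_sideloaded_services(SAMPLE_SETTINGS, SAMPLE_PM))
```

A flagged entry is a prompt for review, not proof of infection: legitimate sideloaded tools can also hold accessibility access.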

