The Chameleon Banking Trojan is a significant threat to the Android ecosystem, particularly targeting users in Australia and Poland. The Trojan primarily aims at mobile banking applications, disguises itself as a legitimate app through phishing pages, and uses a legitimate Content Distribution Network (CDN) for file distribution. The malware showcases new advanced features and commands, with considerable focus on executing Device Takeover (DTO) using the Accessibility Service.

In response to this threat, our investigation provides an in-depth analysis of the Chameleon malware variant, particularly samples distributed via Zombinder. As an evolved version of its predecessor, it exhibits enhanced features and an expanded target region that now includes Android users in the United Kingdom (UK) and Italy. The updated Chameleon Trojan has improved its technical capabilities, introducing features that allow it to bypass biometric prompts, display HTML pages for enabling the accessibility service on devices running Android 13, and disrupt biometric operations. The malware also incorporates task scheduling and activity control through the AlarmManager API, indicating an advanced and dynamic ability to adapt in order to bypass the most recent security measures. This article examines the intricacies of the new Chameleon banking trojan and illustrates the threat it poses to the cybersecurity landscape.