Chameleon Android Malware Poses Threat to Fingerprint Unlock, Steals PINs

The Chameleon Android malware has been updated to bypass fingerprint security features and steal PINs instead. Researchers from ThreatFabric discovered that the malware can trick users into enabling accessibility services, allowing attackers to change the phone's lock type from biometric to PIN. The malware disguises itself as legitimate Android apps and displays an HTML page asking victims to turn on accessibility settings. Once the accessibility services are enabled, attackers can bypass protections, including fingerprint unlock. The malware can steal PINs or passwords entered after the victim has turned off their fingerprint lock. People should be cautious when using apps, especially banking apps, and ensure they are using legitimate sources. The malware has evolved to bypass biometric security measures such as fingerprint and facial recognition. It uses a proxy feature and abuses Accessibility Services to perform actions on behalf of the victim, allowing attackers to engage in Account Takeover (ATO) and Device Takeover (DTO) attacks. The malware is being distributed through phishing pages, posing as legitimate applications, and using a legitimate content distribution network (CDN) for file distribution. The new variant of the malware has been observed targeting mobile banking applications in Australia, Poland, UK, and Italy. The malware features advanced capabilities such as device-specific checks to target 'Restricted Settings' protections introduced in Android 13, and interrupting biometric operations to bypass biometric security measures. Task scheduling using the AlarmManager API is also used.

Related reads

Popular posts from this blog

Meta CTO Reveals Latest Updates on AR Glasses: AI-Powered and Beyond!

Meta is working on developing immersive augmented reality (AR) glasses that could potentially replace smartphones. These glasses are designed to be cost-effective and integrate AI, with the goal of making them accessible to everyone. The company is currently working on prototypes for 2024, 2026, and 2028, with the aim of releasing the glasses by the end of the decade. One of the main challenges is creating displays that are both clear and high-quality yet cost-effective. Additionally, the company is working on manufacturing new materials for the glasses and finding ways to give them enough power without needing frequent charging. AI is expected to make the glasses more useful than anticipated, and could help with tradeoffs on other parts of the design. The article highlights the significance of AI in product roadmaps, including those of Meta, and how it is becoming a primary way people interact with machines. Related reads Larry Magid: Meta, Ray-Ban release second-generation smart gla...
Read more

GTA 6: The Most Anticipated Game Release in History?

The games industry is currently facing challenges such as cost-cutting measures, layoffs, studio closures, and game cancellations. However, the upcoming release of Grand Theft Auto 6 (GTA 6) is highly anticipated and expected to be a major success, with some analysts predicting it could be the best-selling video game of all time. The game's release is seen as critical for the video game industry, which is currently experiencing a decline in revenue and growth. GTA 6 has the potential to boost the bottom line of companies involved in the video game industry, including retailers like Amazon and GameStop, as well as console manufacturers like Sony and Microsoft. The game's success could also lead to increased interest in video games and gaming overall, potentially leading to a renewed growth period for the industry. However, the development of GTA 6 has been marred by reports of crunch and other issues within Rockstar Games, highlighting the challenges faced by developers in the i...
Read more

Google Unveils Revolutionary Password Security Feature for iPhone Users

Google has recently upgraded the security protection for iPhone users by introducing a new real-time system for detecting and warning users about unsafe websites in Chrome. This new system replaces the current local list-based system and includes flagging weak and reused passwords, blocking 25% more phishing attempts, and providing real-time protection against risky websites on Chrome for desktop, iOS, and soon Android. The new system uses an asynchronous mechanism to prevent network calls from blocking page loads and degrades the user experience, and it also includes an option to turn it off in the browser settings. Additionally, Google has partnered with Fastly, a CDN and edge computing specialist, to provide an additional layer of privacy by stripping out any identifying information from the browser request. The new system is currently available in Chrome's Standard mode and offers additional protection in Enhanced mode, including AI-based blocking, deep file scans, and protecti...
Read more