New Chameleon Android malware variant emerges with fingerprint lock bypass capability

A new variant of Chameleon Android malware has been found in the wild with new features, notable among them the ability to bypass fingerprint locks.

The Chameleon Android banking trojan first entered the scene in early 2023 with a primary focus on mobile banking applications in Australia and Poland but has since expanded into other countries, including the U.K. and Italy. The malware uses multiple loggers but has somewhat limited functionality.

Earlier versions of Chameleon could perform actions on behalf of the victim, with those behind the malware able to undertake account and device takeover attacks. As detailed Dec. 21 by researchers at ThreatFabric, Chameleon has traditionally abused the Android Accessibility Service to steal sensitive information from endpoints and mount overlay attacks.

However, the new version comes with two changes: the ability to bypass biometric prompts and the ability to display an HTML page to enable accessibility service in devices implementing Android 13’s “Restricted Settings” feature. According to the researchers, the enhancements elevate the sophistication and adaptability of the new Chameleon variant, making it a more potent threat in the ever-evolving landscape of mobile banking trojans.