New Chameleon banking trojan is stealing account info — what you need to know
A newly discovered Android banking trojan could be hiding among your other apps. One with the ability to change its app icon as it steals your passwords, text messages and other sensitive data.
According to a new report (opens in new tab) by the cybersecurity firm Cyble, security researchers discovered a new banking trojan that they have dubbed “Chameleon,” based on the commands used by the malware powering it.
The Chameleon banking trojan has been active since January of this year, and (like other Android malware) it abuses the operating system’s Accessibility Service to perform malicious activities. However, one thing that sets it apart from other banking trojans is the fact that Chameleon pretends to be other popular apps and can even change its icon to hide in plain sight.
So far, Cyble’s researchers have observed the banking trojan using the icons of ChatGPT, Chrome and other apps though it also uses pictures of popular cryptocurrencies like Bitcoin or Litecoin to disguise itself as well.
Stealing account info and disabling Google Play Protect
Based on Cyble’s investigation, it appears that malicious apps used to spread the Chameleon banking trojan are distributed through hacked websites, Discord attachments and Bitbucket hosting services.
Even though Chameleon is still relatively new and is in the early stages of development, it already has a wide range of malicious capabilities and the banking trojan can perform keylogging, launch overlay attacks, harvest SMS text messages, prevent itself from being uninstalled, steal cookies and automatically uninstall itself.
One thing that makes this new malware strain particularly dangerous is that it can disable Google Play Protect on an infected smartphone. For those unfamiliar, Google Play Protect is Google’s own Android antivirus app which scans both your existing apps and any new apps you download for malware and removes them.
Another interesting capability already found in Chameleon is its lock grabber which can steal a victim’s device password. Surprisingly, the lock grabber can even identify whether…