What is Chameleon Trojan?

1 min read
What is Chameleon Trojan? Blog Image


Cybersecurity researchers recently identified a potent variant of the infamous ‘Chameleon Trojan’ malware, posing a substantial risk to Android device users.

About Chameleon Trojan:

  • It is amalware that has the ability to disable biometric authentication methods, including fingerprint and face unlock, to sneakily access sensitive information.
  • Working:

o The malware strategically attaches itself to legitimate Android applications, such as the widely used Google Chrome, effectively avoiding immediate detection.

o Operating discreetly in the background, Chameleon Trojan can disable biometric security measures, specifically targeting PINs.

o The malware bundles are reportedly undetectableduring runtime, enabling it to outsmart Google Protect alerts and circumvent security software on the compromised device. 

o This stealthy approach allows the Trojan to operate without any worries, evading immediate countermeasures.

o Its modusoperandi varies depending on the Android version

o Once active, Chameleon Trojan steals on-screen content, elevates its own permissions, and can even use gestures to capture PINs and passwords entered by users to unlock their devices. 

o The stolen PIN is then employed to unlock the device in the background, enabling the malware to access sensitive information such as credit card passwords and login credentials.

o The malware also collects information on users’ app usagehabits, launching attacks when the device is least likely to be in use.

· To safeguard against the Chameleon Trojan, it is crucial to avoid installing Android apps from unofficial sources. Additionally, users should refrain from enabling the 'Accessibility service' for unknown apps.

Q1: What is Malware?

Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server. Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware. These malicious programs steal, encrypt and delete sensitive data; alter or hijack core computing functions and monitor end users' computer activity.

Source:New Android ‘Chameleon’ trojan malware bypasses biometrics and steals PINs: All details