Android Banking Trojan Chameleon can now bypass any Biometric Authentication

The Chameleon banking trojan was first identified during its early development phase and was first observed in the wild in early 2023. Its usage of several loggers, restricted malicious functionality, and clearly described yet unutilized instructions suggested a clear possibility for future development and effect.

This banking trojan demonstrated a unique capacity to control a victim’s device and carry out actions via a proxy function on the victim’s behalf. Attacks known as Account Takeover (ATO) and Device Takeover (DTO) are made possible by this feature, which mostly targets bitcoin services and banking apps. The misuse of Accessibility Service credentials was necessary for these functions to work. A variety of dissemination techniques were also used by the previous iteration of the banking trojan, Chameleon.

Android Banking Trojan Chameleon can now bypass any Biometric Authentication

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Android Banking Trojan Chameleon can now bypass any Biometric Authentication

21-Dec-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address