This Android Trojan Blocks Your Fingerprint Sensor to Force PIN Entry and Gain Access to Your Phone

This Android Trojan Blocks Your Fingerprint Sensor to Force PIN Entry and Gain Access to Your Phone

Persistent Android Malware Continues to Make Headlines

Despite some time having passed, there is a piece of malware that continues to cause a stir in the world of Android mobiles. First detected at the beginning of 2023, it has evolved with an update granting it additional capabilities.

Chameleon Malware Disables Biometric Authentication

Now, Chameleon—this is the name of the malware—can block fingerprint biometric authentication, compelling users to enter their PIN code or password, thus gaining full access to your mobile device almost without your awareness.

Threat Limited for Cautious Users, According to Cybersecurity Experts

As cybersecurity researchers from ThreatFabric explain, for Android users who always download applications from the Google Play store and are wary of potential phishing scams, the threat from Chameleon is limited.

Users Downloading from Unverified Sources at Risk

However, those who download apps from unverified sources might risk installing this malware onto their devices. The latest version of Chameleon even masquerades as an apparently legitimate and innocuous Google Chrome application, so you need to be very vigilant.

How Chameleon Operates and Takes Control of Android Phones

Chameleon is an Android banking trojan that disguises itself as a Google Chrome app downloaded from unreliable sources. Once installed, it tricks the user into enabling accessibility services and disables biometric authentication, like fingerprints.

The malicious app targets specific versions of Android, guiding users to activate services which ultimately allow it to take control of the mobile device. Chameleon switches from biometric to PIN authentication, stealing passwords and enabling remote access.

Google, aware of this serious issue, assures users that Play Protect will provide the necessary protection against Chameleon. Nonetheless, as previously mentioned, the onus is on users to avoid downloading applications from unreliable sources, particularly when receiving suspicious links through emails.

Learn more about , the author of this article.
Discover how we work at Computerhoy.

Read More