Cybersecurity researchers from Threatfabric discovered a fresh version of the Android Trojan called Chameleon, which primarily targets European users of banking applications. |
The new variant of this mobile malware is capable of taking control of infected devices by utilizing specific Android capabilities. Moreover, it has expanded its range of attacks, affecting more countries. |
Chameleon was initially detected by Cyble in April 2023. At that time, experts noticed that it mainly targeted users in Australia and Poland. However, it has now extended its reach to include Italy and Great Britain. |
It is worth mentioning that even in its earlier versions, the Trojan had the ability to exploit Android capabilities, albeit for limited scenarios focused on data collection and conducting attacks through applications. |
In previous iterations, the fake malicious applications containing Chameleon were hosted on phishing pages. Often, they were disguised as official government entities or popular online services, such as the Australian tax service or a cryptocurrency trading platform like CoinSpot. |
Threatfabric points out that Chameleon is now distributed through the Zombinder DAAS service, which connects malicious programs with legitimate applications. Despite expectations of its closure this year, Zombinder re-emerged last month, offering attackers new means to bypass Android restrictions and install malicious software. |
The key feature of the updated Chameleon version, as mentioned earlier, is its ability to fully take over a device using specialized Android capabilities. This allows hackers to execute any unauthorized actions on behalf of the victim without their knowledge. |
The Trojan scans the device’s operating system version and, if Android 13 or above is detected, prompts the victim to enable the necessary settings. Simultaneously, a seemingly legitimate HTML page is loaded, guiding the user through the process of activating the special capabilities. |
Android-Wredosonon Chameleon Poses Increased Cash Control and Theft Risk
/Reports, release notes, official announcements.