New Android malware can steal your password by disabling fingerprint and face unlock
- Cyber Security researchers recently discovered an updated version of the 'Chameleon Trojan' malware that poses a threat to Android devices.
Malware Characteristics
- Chameleon Trojan attaches itself to legitimate Android apps like Google Chrome to evade detection.
- It operates in the background, compromising the security of the device.
- It is designed to disable biometric authentication methods such as fingerprint and face unlock to sneakily access sensitive information, especially PINs.
- It is reported to be undetectable during runtime, enabling it to bypass Google Protect alerts and security software on the device.
- This stealthy approach allows the Trojan to operate without any worries, evading immediate countermeasures.
Attack Mechanism
- Chameleon Trojan steals on-screen content, gains additional permissions, and can use gestures to capture PINs and passwords entered by users to unlock the device.
- The stolen PIN is then used to unlock the device in the background, allowing the theft of sensitive information such as credit card details and login credentials.
- It collects information on users' app usage habits to launch attacks when the device is least likely to be in use.
Preventive Measures
- Avoid installing Android apps from unofficial sources.
- Disable the 'Accessibility service' for unknown apps to prevent Chameleon Trojan from bypassing security mechanisms.
- Running regular security scans and keeping Google Play Protect enabled to enhance device security.
Prelims Takeaway
- Chameleon Trojan
- Malware