
Description 

Cyble Research & Intelligence Labs (CRIL) has posted an article raising awareness of a new Android Trojan, ‘Chameleon’, which has been active since the beginning of 2023 and has specifically targeted users in Australia and Poland. Chameleon tricks users by mimicking several applications, including that of an Australian government agency, the mobile app for a large bank in Poland and the cryptocurrency app ‘CoinSpot’. Since it was first observed in January 2023, it has disguised itself as many other apps, such as ChatGPT and Google Chrome.

The application is distributed through several platforms, including compromised websites, Bitbucket and Discord attachments, and has several worrying capabilities:

  • Keylogging – Records user keystrokes.
  • Overlay Attack – A malicious program overlays itself on top of a genuine one to manipulate the user into interacting with it.
  • SMS Theft – Steals SMS information.
  • Uninstall Prevention – Prevents the user from uninstalling it.
  • Cookie Stealer – Stolen cookies can be used for session hijacking.
  • Lock Screen Theft – Steals lock screen login information.
  • Disabling Google Play Protect.

Cyble notes that Chameleon is still in its early development stages and may become an even more powerful malware with time. 

Once a device has Chameleon installed, it asks the user to activate the Accessibility Service, a service used by genuine applications, such as screen readers and voice access, to help users with disabilities. To perform these tasks, the Accessibility Service grants sensitive capabilities, such as observing the user’s actions, retrieving window content and performing gestures on the user’s behalf.


An example of Chameleon requesting access to the Accessibility Service. Source: https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/

Once this service is activated, Chameleon uses it to escalate its permissions, prevent uninstallation, and disable Play Protect. It then connects to the Command-and-Control Server to send device information.

Prevention 

Chameleon has some significantly concerning features, but its current form will only pose a threat once installed on a user’s device. To protect yourself and your organisation, several essential security practices can be followed to prevent this malware from being installed: 

  • Only ever download apps from verified stores, such as the Google Play Store or the Apple App Store.
  • Ensure Google’s Play Protect feature is enabled and install a trusted antivirus. 
  • When an application asks for additional permissions, read them thoroughly and consider whether they are genuinely required.
  • Regularly check your device for updates. 
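
The following is an added example, not code from Cyble's article or this advisory: a Python audit that lists the accessibility services enabled on an Android device and flags any whose package was not installed by a trusted store, which ties together the Accessibility Service abuse and the verified-store advice above. It assumes `adb` access to the device; the sample output, the package names and the `TRUSTED_INSTALLERS` and `allow` names are constructed for illustration.

```python
import subprocess
import sys

# Assumption: Google Play is the only trusted installer; add a managed store if you use one.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Constructed sample output (not from a real device), audited when no device is attached.
SAMPLE_SERVICES = "com.google.android.marvin.talkback/.TalkBackService:com.example.fakebrowser/.Svc\n"
SAMPLE_PACKAGES = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakebrowser  installer=null
package:com.example.notes  installer=com.android.vending
"""

def parse_enabled_services(raw):
    """Parse `settings get secure enabled_accessibility_services` (colon-separated, or 'null')."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [c for c in raw.split(":") if "/" in c]

def parse_installers(raw):
    """Parse `pm list packages -i` lines of the form 'package:<name>  installer=<installer>'."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if fields and fields[0].startswith("package:"):
            inst = [f.split("=", 1)[1] for f in fields[1:] if f.startswith("installer=")]
            installers[fields[0][len("package:"):]] = inst[0] if inst else "null"
    return installers

def suspicious_services(services_raw, packages_raw, allow=frozenset()):
    """Return (package, component, installer) for each enabled accessibility service not from
    a trusted store. Preinstalled apps can report installer=null; list those in `allow`."""
    installers = parse_installers(packages_raw)
    findings = []
    for comp in parse_enabled_services(services_raw):
        pkg = comp.split("/", 1)[0]
        inst = installers.get(pkg, "unknown")
        if inst not in TRUSTED_INSTALLERS and pkg not in allow:
            findings.append((pkg, comp, inst))
    return findings

def adb_shell(*args):
    return subprocess.run(["adb", "shell", *args], capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    live = "--device" in sys.argv  # without this flag the constructed sample is audited
    svc = adb_shell("settings", "get", "secure", "enabled_accessibility_services") if live else SAMPLE_SERVICES
    pkgs = adb_shell("pm", "list", "packages", "-i") if live else SAMPLE_PACKAGES
    for pkg, comp, inst in suspicious_services(svc, pkgs):
        print(f"REVIEW {pkg}: accessibility service {comp} enabled, installer={inst}")
```

A flagged entry is a prompt for review, not proof of infection: confirm whether the user knowingly installed the app and whether it needs accessibility access at all.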

Related Links