Researchers have discovered an enhanced version of the banking Trojan Chameleon that is capable of disabling both fingerprint and face unlock features on Android phones. The malware spreads through the Zombinder service, disguising itself as Google Chrome to avoid detection by Google Play Protect and antivirus software. Once installed, the Trojan requests users to grant it permissions to use the accessibility service of the operating system, displaying an HTML page. This method bypasses the security introduced in Android 13, which blocks permissions like accessibility that can be exploited by malicious applications.
The new version of Chameleon can intercept biometric authentication and forces users to enter a PIN or password to unlock their devices. The entered PINs or passwords are then captured by the malware and can be later used for unauthorized access to infected devices. Additionally, the Trojan can schedule tasks through the AlarmManager API interface to remain dormant during active device usage, thereby ensuring its stealth and avoiding detection.
To protect against malware on Android devices, it is recommended to avoid installing apps from unknown sources and rely on official app stores like Google Play Store. These stores thoroughly vet each app for potential threats. However, given the growing threat of malware bundled with Zombinder, it is expected that Google will develop measures to detect such apps in Google Play Protect.
Nevertheless, it is advised to minimize the number of installed apps on Android smartphones and refrain from installing unnecessary apps to reduce the risk of encountering malicious software. Sticking to reputable app stores and avoiding suspicious sources ensures a safer smartphone experience.
Source: [https://www.example.com](https://www.example.com)
FAQ
The source of the article is from the blog papodemusica.com