TechRadar
Sead Fadilpašić

Watch out - this devious new Android malware impersonates banks and governments to trick you out of your crypto


Cybersecurity researchers have recently discovered a new malware for Android that successfully mimics different kinds of mobile applications - from banking apps, to crypto exchange apps, to government apps.

The malware, named Chameleon, was discovered by researchers from Cyble, who observed hackers distributing it through compromised websites, Discord channels, and Bitbucket hosting services.

The tool sports a number of different functionalities, all of which amount to information stealing. 

Profiling the target

Once downloaded, the malware will first analyze the device to see if it’s in a honeypot. It will scan the phone to see if it’s rooted and if debugging is activated, as these are usual signals of an analyst’s environment. Once that test is passed, it will ask for Accessibility Service permissions - which is a huge red flag. It’s usually malware that asks for this kind of permission, as it allows the malware to run rampant across the endpoint.

The next step is to establish a connection with its Command & Control (C2) server and send the basic device information: version, model, root status, country, and precise location. After that, it will start loading different malicious modules to the device, including a cookie stealer, a keylogger, a phishing page injector, a grabber for PIN codes and patterns, and an SMS stealer. These modules allow the malware to grab passwords and multi-factor authentication codes, which can later be used for identity theft.

While all of this might sound like much, researchers add that Chameleon is an emerging threat, and as such is likely to get additional features in the coming weeks.

To stay safe, Android users should first make sure not to download apps from suspicious sources and instead grab apps only from official stores. Furthermore, they should enable Google Play Protect, as the first line of defense. An Android antivirus program wouldn’t hurt, either.

Via: BleepingComputer
