Chameleon banking trojan infects Polish and Aussie Android users

April 20, 2023

The Chameleon banking trojan is a new Android malware impersonating a well-known cryptocurrency application called CoinSpot.

Based on reports, this new banking trojan uses unique commands for its activities that do not appear in other trojan strains. Hence, it is a new and independent strain. This malicious software has been active since the start of the year and prioritises targeting Polish and Australian Android users.

This Android trojan has also impersonated other popular apps aside from CoinSpot. The researchers confirmed that Chameleon also masquerades as the Polish IKO Bank and an Australian government agency.

In addition, the new malware is also present within other fake applications, such as LTC_Giveaway (Litecoin) and BCH_Cash, which poses as Bitcoin Cash.

The Chameleon banking trojan could hide from targeted users through various obfuscation techniques.

According to investigations, the Chameleon banking trojan can change its icon to stay hidden from the user's view. For example, it has used the icons of various software, such as Chrome, Bitcoin, and ChatGPT, to compromise Android users.

The threat actors spread these malicious apps through compromised websites, Discord attachments, and Bitbucket hosting services. The attackers could also use specific URLs to disseminate the malware.

The threat operators' primary objective is to steal user credentials through keylogging and injection tactics. Furthermore, researchers claimed that Chameleon is still in its developmental stage and has limited abilities.

Researchers confirmed that Chameleon has standard trojan capabilities, such as SMS harvesting, overlay attacks, stealing cookies, self-destruct features, and keylogging. Its more interesting ability, however, is that it can deactivate Google Play Protect.

Lastly, this new trojan is a lock grabber that can steal the device password of its victims. The lock grabber can recognise whether an Android user is using a password, swipe, or PIN.

Chameleon is another banking trojan with threat capabilities that could compromise Android devices. Although the current version lacks sophistication, this malicious tool can still abuse the Accessibility Services, which enables attackers to upgrade the malware to cause further damage.

Cybersecurity experts suggest that Android users in Poland and Australia should be wary of opening links in emails or SMS from unknown senders.
