2024-08-05 Android CHAMELEON Samples
The Chameleon Android banking trojan has evolved significantly, developing sophisticated methods to bypass security features and deceive users. Initially targeting Australian and Polish users, the malware now extends its reach to the UK, Italy, Canada, and Europe, specifically targeting the hospitality industry and employees with access to corporate banking. Disguised as legitimate apps, including Google Chrome and Customer Relationship Management (CRM) applications, Chameleon uses advanced techniques like HTML page tricks, fake login screens, and keylogging to steal credentials and sensitive information. The malware is distributed via the Zombinder service and has incorporated new dropper mechanisms to evade Android 13+ restrictions. Financial institutions are advised to educate their business customers about the risks of mobile banking malware and to implement robust anomaly detection and malware prevention systems.