Chameleon Android Malware Uses Fingerprint Lock to Steal Data, Be Alert
Biometric data is something unique, one of which is fingerprints. Today, many companies in the technology industry use biometric security in their technology products.
However, it seems that the security of using biometric data as a key for digital services is no longer guaranteed.
Reported by Mashable on Monday, December 25 2023, a new version of the Android Chameleon malware is rumored to be able to exploit the fingerprint feature to steal users' PINs.
According to researchers from ThreatFabric, the malware managed to trick users into activating accessibility services. After that, the attacker has the ability to change the security settings on the smartphone from the biometric method to using a PIN lock.
ThreatFabric revealed that this upgrade will strengthen the adaptability of the new Chameleon variant, making it a more serious threat in the ever-growing mobile banking trojan industry.
Based on the Bleeping Computer report, criminals in the digital world pose as official Android applications, then display an HTML page asking users to activate accessibility settings.
That way, attackers can circumvent the security system, including unlocking using fingerprints. If the victim uses a PIN as a login method instead of a fingerprint, an attacker can capture that PIN or any password.
One of the main ways such malware spreads is through Android package files (APK) that come from unauthorized sources.
Therefore, the community must be vigilant and pay attention to verifying the use of official applications, especially banking applications.
Previously, cybersecurity experts discovered a new type of malware for Android called FjordPhantom. This malware has focused on users in Southeast Asian countries, including Indonesia, Thailand and Vietnam since early September 2023.
This malware was found to spread through messaging services, and combines malicious applications with social engineering strategies to defraud banking customers.
The company Promon, which operates in the field of mobile application security, revealed that this attack used email, SMS and messaging applications to trick recipients into downloading fake banking applications.
Then, victims are subjected to social engineering practices similar to telephone attacks. This attack involves a fake call that provides step-by-step instructions for using the fake application.
The main ability of the FjordPhantom malware is that it can run malicious code without being detected. This allows this malware to circumvent Android's protection system.
Meanwhile, in 2019, Kaspersky research highlighted that biometric data was at high risk of being compromised.
The company doespreview about cyber threats to systems used to process and store biometric data.
In the report, the company pointed out that various malicious threats (including remote access Trojans, ransomware, banking Trojans, etc.) are frequently found to attempt to infect IT systems.
"As many as 37 percent of computers, servers and workstations used to collect, process and store biometric data with Kaspersky products installed, faced at least one attempted malware infection in Q3 2019," Kaspersky wrote in its official statement, Monday (9/12/2019) .
Overall, a large number of conventional malware samples were blocked, including modern remote access trojans (5.4 percent), malware used in phishing attacks (5.1 percent), ransomware (1.9 percent), and Banking Trojans (1 .5 percent).
However, it seems that the security of using biometric data as a key for digital services is no longer guaranteed.
 |
| fingerprint illustration (kamumauvector.com) |
Reported by Mashable on Monday, December 25 2023, a new version of the Android Chameleon malware is rumored to be able to exploit the fingerprint feature to steal users' PINs.
According to researchers from ThreatFabric, the malware managed to trick users into activating accessibility services. After that, the attacker has the ability to change the security settings on the smartphone from the biometric method to using a PIN lock.
ThreatFabric revealed that this upgrade will strengthen the adaptability of the new Chameleon variant, making it a more serious threat in the ever-growing mobile banking trojan industry.
Based on the Bleeping Computer report, criminals in the digital world pose as official Android applications, then display an HTML page asking users to activate accessibility settings.
That way, attackers can circumvent the security system, including unlocking using fingerprints. If the victim uses a PIN as a login method instead of a fingerprint, an attacker can capture that PIN or any password.
One of the main ways such malware spreads is through Android package files (APK) that come from unauthorized sources.
Therefore, the community must be vigilant and pay attention to verifying the use of official applications, especially banking applications.
Be alert, there is banking malware targeting Android users in Southeast Asia
Previously, cybersecurity experts discovered a new type of malware for Android called FjordPhantom. This malware has focused on users in Southeast Asian countries, including Indonesia, Thailand and Vietnam since early September 2023.
This malware was found to spread through messaging services, and combines malicious applications with social engineering strategies to defraud banking customers.
The company Promon, which operates in the field of mobile application security, revealed that this attack used email, SMS and messaging applications to trick recipients into downloading fake banking applications.
Then, victims are subjected to social engineering practices similar to telephone attacks. This attack involves a fake call that provides step-by-step instructions for using the fake application.
The main ability of the FjordPhantom malware is that it can run malicious code without being detected. This allows this malware to circumvent Android's protection system.
Kaspersky Reveals Biometric Data is Very Risky
Meanwhile, in 2019, Kaspersky research highlighted that biometric data was at high risk of being compromised.
The company doespreview about cyber threats to systems used to process and store biometric data.
In the report, the company pointed out that various malicious threats (including remote access Trojans, ransomware, banking Trojans, etc.) are frequently found to attempt to infect IT systems.
"As many as 37 percent of computers, servers and workstations used to collect, process and store biometric data with Kaspersky products installed, faced at least one attempted malware infection in Q3 2019," Kaspersky wrote in its official statement, Monday (9/12/2019) .
Overall, a large number of conventional malware samples were blocked, including modern remote access trojans (5.4 percent), malware used in phishing attacks (5.1 percent), ransomware (1.9 percent), and Banking Trojans (1 .5 percent).
