New virus disrupts security system of Android smartphones and steals funds

A new type of malicious software called Chameleon has emerged on the internet, capable of disabling the biometric unlocking features on Android smartphones, such as fingerprint scans or facial recognition, with the aim of stealing PIN codes and other passwords. BleepingComputer reported this, citing a report from ThreatFabric, a company specializing in cybersecurity.

Chameleon is distributed alongside the Google Chrome browser installer. To disguise itself as a legitimate Chrome version, cybercriminals use the Zombinder service, popular in the darker corners of the internet. Zombinder injects malicious fragments into the code of regular programs, making them challenging to detect.

Upon infiltrating a smartphone, Chameleon disrupts the functioning of biometric unlocking, compelling users to remove the lock using a PIN code. The malware records this code and uses it to unlock the device in the background, without the owner's knowledge.

Chameleon can remain undetected for an extended period and then suddenly remove the lock, autonomously conducting transactions through a banking app. Additionally, Chameleon is utilized to steal passwords from other services and confidential data.

To protect against this new form of malware, Threat Fabric experts recommend activating the Play Protect feature in Google Play and avoiding the download of Android app installers from unofficial sources.