You might think that using your fingerprint or face to unlock your phone is more secure than using your PIN.
But you could be wrong. Hackers have developed sophisticated Android malware that can disable your biometric security and steal your PIN and data.
What is the Chameleon Android banking malware?
The malware is known as the Chameleon Android banking trojan. It was first detected earlier this year. The trojan can mimic legitimate apps and trick you into granting it permissions. Once it has access to your device, it can monitor your activity and intercept your credentials.
How does the malware bypass the restricted setting feature?
The malware can also bypass the security measure introduced in Android 13. This security measure, called the “restricted setting feature,” allows you to control which apps can access certain settings and features on your device. This feature was supposed to prevent hackers from using the restricted setting feature to take over your device. According to BleepingComputer, the malware can use a clever technique to trick you into granting it permission to use the restricted setting feature without your consent. This means that the malware can control your device and even disable your fingerprint or face scan.
How does the malware steal your money?
The malware can then display a fake lock screen and ask you to enter your PIN. If you do, the malware will capture your PIN and unlock your device. It can then access your banking apps and other sensitive information. It can also send money to the hackers’ accounts or purchase online goods without your knowledge.
Image of the front of an Android (Kurt “CyberGuy” Knutsson)
The sneaky malware can ask you to change your accessibility settings and force you to input your PIN
This new and improved version of the Chameleon Android banking trojan will pop open an HTML page, asking your permission to change your accessibility settings. It will then abuse your accessibility features until your phone forces you to input your PIN.
You might not even notice it, either. Chameleon uses a platform called Zombinder to attach the malware to innocent apps. It can also schedule tasks. So once a hacker learns your schedule, they can run the trojan when your phone is normally inactive.
Woman with Android in her hand (Kurt “CyberGuy” Knutsson )
Click Here to Read the Full Original Article at FOX News : Tech…