Yet another Android banking trojan is hiding among other apps, and this one is super dangerous. A recent report from Cyble is warning all Android users to be on the lookout and to be extra careful when it comes to protecting their data.
Here’s what we know so far.
What does this Banking Trojan do?
According to the report, this new Banking Trojan is capable of changing its app icon and stealing your passwords, text messages, and other sensitive data. Because it can change itself, researchers have named this new trojan “Chameleon.” The Chameleon is been active since January of 2023, and it can abuse the Android operating system’s Accessibility Services to completely take over devices, just like many other smartphone malware campaigns can.
MORE: HUNDREDS OF BANKING APPS AT RISK FROM THE NEW NEXUS ANDROID TROJAN
What makes the Chameleon Trojan stand out (no pun intended), however, is the way that it pretends to be other apps while it’s performing these malicious acts. That’s not something that I’ve heard of before, as it can even change its icon so that you think it’s just another commonly used app on your phone.
What kind of apps does the Chameleon disguise itself as?
The Chameleon can disguise itself as any given app, especially the ones that you’re least likely to question, like Chrome, ChatGPT, and Bitcoin. The Chameleon is spread via hacked websites, Discord attachments, and Bitbucket hosting services, according to the Cyble report.
Some of the other capabilities it has include keylogging, launching overlay attacks, harvesting SMS text messages, preventing itself from being uninstalled, stealing cookies, and automatically uninstalling itself, which is pretty impressive considering it’s only been around since January.
While this Trojan is currently spreading through Australia and Poland, it’s a matter of time before it spreads globally, so be sure to take precautions to keep yourself safe.
What can I do to protect myself?
- Turn on Antivirus protection: Be sure to have antivirus software on all of your devices. My #1 antivirus software pick is TotalAV. It protects against phishing and ransomware attacks and makes sure you don’t click on any malicious links trying to trick you to download malware.
Special for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package. Find my review of Best Antivirus Protection here.
- Update your passwords: Make sure your passwords are not easy to guess
- Turn on 2-factor Authentication: Make sure it’s difficult for anyone to easily log into any of your accounts.
- Keep your software updated: Keep your software and operating systems updated to better ensure you have the latest security patches.
Have you seen this new banking trojan? Let us know if you spot it.
Related:
- Free antivirus software: Should you use it?
- Hundreds of banking apps at risk from the new Nexus Android trojan