ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 27th May. Click Here for more information.
Source: The post on Chameleon Trojan Malware has been created on the article “New Android malware can steal your password by disabling fingerprint and face unlock” published in “The Indian Express” on 27th December 2023.
Why in news?
Cybersecurity researchers have identified a powerful variant of the notorious ‘Chameleon Trojan’ malware’, presenting a significant threat to users of Android devices.
What is Chameleon Trojan Malware?
1) The Chameleon malware is a Trojan program capable of infiltrating devices with minimal detection, disabling biometric authentication features such as fingerprint security and face unlock.
2) Chameleon Trojan can also evade detection by malware scanning apps.
How does it operate?
1) Cameleon Trojan attaches itself to legitimate Android apps like Google Chrome to avoid detection and runs the code in the background.
2) Cameleon Trojan bundles are undetectable in runtime, allowing it to bypass Google Protect alerts and security software running on the device.
3) It adapts its tactics depending on the targeted Android version. On Android 12 and earlier versions, it exploits the Accessibility service, while in more recent versions, it utilizes a deceptive HTML page to circumvent security restrictions imposed by Google.
Note- An Accessibility Service assists users with disabilities or users of assistive technologies in using Android devices and apps.
4) It also steals on-screen content, giving itself more permissions and can capture any PINs and passwords users enter to unlock the device.
5) Chameleon Trojan then uses the stolen PIN to unlock the device in the background and steal more sensitive information like credit card passwords, login credentials and more.
6) Malware also collects information on app usage habits to determine when the user is using their device and launch attacks when they are least likely to use it.
How to Stay Safe from the Chameleon Malware?
1) It is crucial to avoid installing Android apps from unofficial sources.
2) Users should exercise caution by refraining from enabling the ‘Accessibility service’ for unknown or untrusted apps.
3) A trusted anti-virus software should be installed and regular security scans must be done.
UPSC Syllabus: Science and technology
