This sounds fun: Android malware Chameleon disables Fingerprint Unlock to steal PINs
Posted by
JD (aka Jason Dean)
Dec 22 '23, 09:55
|
I kind of admire the thinking in this one.
We can't capture biometrics as those are stored locally on a phone but we can capture PINs. So how do we force people to use their PINs.
When Chameleon detects Android 13 or 14 upon launch, it loads an HTML page that guides the user through a manual process to enable Accessibility for the app, bypassing the system's protection.
The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.
The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.
|