Watch out - this devious new Android malware impersonates banks and governments to trick you out of your crypto
Newly discovered Android malware poses as different apps
Cybersecurity researchers have recently discovered a new malware for Android that successfully mimics different kinds of mobile applications - from banking apps, to crypto exchange apps, to government apps.
Chameleon was discovered by researchers from Cyble, who observed hackers distributing the malware through compromised websites, Discord channels, and Bitbucket hosting services.
The tool sports a number of different functionalities, all of which amount to information stealing.
Profiling the target
Once downloaded, the malware will first analyze the device to see if it’s in a honeypot. It will scan the phone to see if it’s rooted and if debugging is activated, as these are usual signals of an analyst’s environment. Once that test is passed, it will ask for Accessibility Service permissions - which is a huge red flag. It’s usually malware that asks for this kind of permission, as it allows the malware to run rampant across the endpoint.
The next step is to establish a connection with its Command & Control (C2) server and send the basic device information: version, model, root status, country, and precise location. After that, it will start loading different malicious modules to the device, including a cookie stealer, a keylogger, a phishing page injector, a grabber for PIN codes and patterns, and an SMS stealer. These modules allow the malware to grab passwords and multi-factor authentication codes, which can later be used for identity theft.
While all of this might sound like a lot, researchers add that Chameleon is an emerging threat, and as such is likely to get additional features in the coming weeks.
To stay safe, Android users should first make sure not to download apps from suspicious sources and instead grab apps only from official stores. Furthermore, they should enable Google Play Protect as the first line of defense. An Android antivirus program wouldn’t hurt, either.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.