Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

An updated version of the Chameleon Android banking malware targets users in the UK and Italy using the accessibility service for Device Takeover (DTO) fraud. Previously targeting users in Australia and Poland, Chameleon’s latest iteration is delivered via Zombinder, an available dropper-as-a-service that aids binding malicious payloads to legitimate apps. The malware also disrupts biometric operations of targeted devices, changing the lock screen authentication mechanism to a PIN.