Android malware Chameleon disables Fingerprint Unlock to steal PINs

The Chameleon Android banking trojan has a new version which can disable fingerprint and face unlock to steal device PINs. Earlier versions impersonated Australian government agencies, banks and cryptocurrency exchanges. Currently distributed via the Zombinder service that hides malware in legitimate apps, it poses as Google Chrome. The new features help it bypass security features of Android 13 and newer. It prompts victims to enable Accessibility and then uses this to force a fallback to PIN or password authentication, capturing these to unlock the device.