New Chameleon Android malware variant emerges with fingerprint lock bypass capability

A new variant of the Chameleon Android malware can bypass fingerprint locks, making it a more potent threat. Originally targeting banking apps in Australia and Poland, it has expanded into other countries. The malware convinces users to enable accessibility services, then performs unauthorized actions on the user’s behalf. It can interrupt biometric operations on targeted devices, assess screen and keyguard status, and switch from biometric to PIN authentication. This lets the malware facilitate PIN theft and unlock devices using stolen PINs or passwords.