Sneaky Chameleon Banking Malware Defeats Biometric Security On Android, Steals PINs

Chameleon, an Android malware first noticed in spring, has evolved into a more profound danger by using the Android Accessibility Service via a series of fake dialogs, thereby granting it access to security settings and personal data. The malware uses a third-party service, Zombinder, to attach itself to genuine apps, posing as Google Chrome and guiding users to grant it Accessibility control. Once in control, Chameleon disables biometric unlock, records user passwords, and steals personal data. Experts advise keeping Google Protect features on and downloading apps only from official sources to stay safe.