How to protect your Android phone from the bank account draining Chameleon trojan

Malware known as the Chameleon Android banking trojan is being used by attackers to get into Android users' banking and financial apps. Once these cyber criminals gain access to these apps, their goal is to steal all of their victims' cash. The trojan was first spotted early this year and tricks victims into granting it permissions by pretending to be a legitimate app. Once the malware has access to a victim's phone, it can monitor how the phone is being used and intercept credentials.

The Chameleon trojan wouldn't be such a problem if it didn't bypass the "restricted setting feature" introduced in Android 13 which allows the user to decide which apps can access certain features and settings on the device. This is done by tricking the victim into granting the trojan permission to use the "restricted setting feature" without the user's consent. As a result, the malware can disable biometric security features such as facial recognition and fingerprint scanners and take control of a device. 

Now read this closely. Here is how the malware steals money from victims. The malware will display a fake lock screen asking the user to type in his/her PIN. The malware records the PIN and unlocks the phone allowing it to access the victim's banking and financial apps while also obtaining other personal information. The malware can send money to the attackers' accounts or purchase goods online without the knowledge of the owner of the phone.

According to The New York Post, there is a new and "improved" version of the Chameleon trojan that opens an HTML webpage. This site requests permission from the device owner to change his/her accessibility settings which will then be abused until the device asks for a PIN. The victim may never even notice that something is going on as a platform called Zombinder attaches the malware to regular apps that haven't been attacked by the criminals.

With Zombinder, tasks can be scheduled. So if an attacker figures out the schedule of his victim, he can schedule the trojan to do its thing when the victim's device is usually not being used which helps the attacker and the attack evade detection.

The best way to protect your Android phone is to stay away from sideloading apps from third-party app stores, Stick to the Google Play Store or the Samsung Galaxy Store if you have a Galaxy-branded device. Also, to make sure that your Android phone is protected, make sure it is running the latest version of Android. If you have any updates pending, install them.

The Chameleon banking trojan uses a keylogger that records passwords when they are typed on the infected device. Change the passwords to all of your apps starting with the financial apps first. Here's the thing though, do not use the infected phone to change the passwords such as your computer. Use strong and unique passwords. Also, check your online accounts and look for unusual activity. You should also go through your credit reports to look for signs of identity theft or fraud.

If you come across signs that your banking and credit card information have been obtained by attackers, inform the banks and credit card companies immediately. Tell your contacts to be on the lookout for messages from you that seem unusual and/or strange.

You can make sure that your device has no traces of malware left by performing a factory reset. Make sure that you have backed up your device before doing this, and restore it using a trusted device only. No one likes to perform a factory reset, but it could help protect you from having your financial accounts drained.