Quote:Security researchers at Threat Fabric have discovered a new variant of the Android banking trojan Chameleon. This new variant supports new device takeover capabilities that include the ability to bypass biometric prompts.
 
Chameleon emerged as a threat in January 2023. It was distributed using various methods to infiltrate Android devices. The initial focus of the banking trojan were users in Poland and Australia.
 
The trojan targeted banking apps primarily and was distributed through phishing websites by disguising itself as legitimate applications. In Poland, Chameleon disguised itself as legitimate banking apps while it claimed to be an official app of the Taxation Office in Australia.
 
The new variant of Chameleon takes things a step further. Besides targeting Android users in the United Kingdom and Italy as well, it is equipped with new capabilities that make it even more dangerous.
 
Threat Fabric explains that the new variant likes to disguise it as Google Chrome, the world's most popular web browser. The variant supports two new capabilities.
...