How to protect your Android from a banking threat that bypasses fingerprint unlock and steals your PIN
NY Post
You might think that using your fingerprint or face to unlock your phone is more secure than using your PIN.
But you could be wrong. Hackers have developed sophisticated Android malware that can disable your biometric security and steal your PIN and data.
The malware is known as the Chameleon Android banking trojan. It was first detected earlier this year. The trojan can mimic legitimate apps and trick you into granting it permissions. Once it has access to your device, it can monitor your activity and intercept your credentials.
The malware can also bypass a security measure introduced in Android 13. This measure, called the “restricted setting feature,” allows you to control which apps can access certain settings and features on your device. It was supposed to prevent hackers from abusing those settings to take over your device. According to BleepingComputer, the malware can use a clever technique to trick you into granting it permission to use the restricted setting feature without you realizing it. This means that the malware can control your device and even disable your fingerprint or face scan.
The malware can then display a fake lock screen and ask you to enter your PIN. If you do, the malware will capture your PIN and unlock your device. It can then access your banking apps and other sensitive information. It can also send money to the hackers’ accounts or purchase online goods without your knowledge.
This new and improved version of the Chameleon Android banking trojan will pop open an HTML page, asking your permission to change your accessibility settings. It will then abuse your accessibility features until your phone forces you to input your PIN.
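Because the trojan depends on being granted accessibility access, one practical check is to list which apps currently hold it. The script below is an added example, not part of the original article or the BleepingComputer report: it flags enabled accessibility services whose package is not on an allowlist. The allowlist and the sample package names are constructed assumptions; the adb command reads the real Android setting from a USB-connected device.

```shell
#!/bin/sh
# Added example: flag enabled Android accessibility services that are not on
# an allowlist you maintain. Package names below are constructed samples.

# Packages you expect to hold accessibility access (assumption, edit to suit).
ALLOWLIST="com.google.android.marvin.talkback com.example.passwordmanager"

# unexpected_services VALUE
# VALUE is the colon-separated "package/ServiceClass" list stored in the
# secure setting enabled_accessibility_services. Prints one line for each
# entry whose package is not on ALLOWLIST.
unexpected_services() {
    value=$1
    # "null" or an empty value means no accessibility service is enabled.
    if [ -z "$value" ] || [ "$value" = "null" ]; then
        return 0
    fi
    old_ifs=$IFS
    IFS=:
    set -f                      # no filename globbing while splitting
    for component in $value; do
        pkg=${component%%/*}    # keep only the package part
        [ -z "$pkg" ] && continue
        case " $ALLOWLIST " in
            *" $pkg "*) ;;                      # expected, stay quiet
            *) printf '%s\n' "$component" ;;    # not expected, report it
        esac
    done
    set +f
    IFS=$old_ifs
}

# audit_device: run the same check against a device connected over adb.
audit_device() {
    unexpected_services "$(adb shell settings get secure \
        enabled_accessibility_services | tr -d '\r')"
}

# Constructed sample value: TalkBack plus one app nobody remembers approving.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.unknownapp/.HelperService'
unexpected_services "$SAMPLE"
```

Any entry it prints is an app worth reviewing under Settings > Accessibility and removing if you do not recognize it.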