  • Chameleon is a new Android malware that mimics a range of everyday applications

    A new Android Trojan called Chameleon has been targeting users in Australia and Poland since earlier this year, mimicking the Australian cryptocurrency exchange CoinSpot, an Australian government agency, and the Polish bank IKO.

    The mobile malware was discovered in the wild (ITW) by cybersecurity company Cyble, which reported that Chameleon spreads through hacked websites, Discord attachments, and Bitbucket hosting services.

    The Chameleon Trojan includes a wide range of malicious features, including stealing user credentials through overlay injections and keylogging, as well as stealing cookies and SMS texts from an infected device.

    When launched, the malware performs a series of checks to avoid detection by security software. These checks include determining the environment the app is running in (sandboxed or not), whether the device is rooted, and whether debugging is enabled in developer options. All of these factors give attackers a clue as to whether the Trojan is on the device of a regular user or a security researcher.

    If the environment is acceptable, the infection continues and Chameleon asks the victim for permission to use an accessibility service, which it abuses to grant itself additional permissions and to make itself harder to remove from the victim's device. The malware also requests that Google Play Protect be disabled so that the system does not detect the installation of additional payloads.

    When it first connects to the C2 server, the malware sends data about the device model, operating system version, root status, the victim's country of residence, and even the exact coordinates of the device's location.

    Depending on what service the malware pretends to be, when it starts, it opens a perfectly legitimate URL for that service in a WebView, but the malicious modules start loading in the background. These include a cookie thief, a keylogger, a phishing page injector, a PIN/lock screen code interceptor, and an SMS hijacker that can intercept one-time passwords (OTP) and help attackers bypass 2FA protection.

    Even if the victim suspects something is wrong, the malware's built-in self-protection means that the usual way of removing an app will not work. Moreover, the Trojan can be added to the system autostart, and it reconnects to the C2 server when the device is restarted.

    Most of these malicious programs rely on the abuse of accessibility services, which is what gives them such extensive functionality. Therefore, unfamiliar applications should never be given such access, especially if there is no clear certainty that they really need it.

    Cyble also discovered code that allows Chameleon to download an additional payload and store it on the device as a ".jar" file for later execution through the DexClassLoader. However, this feature is currently not exploited by attackers.

    Chameleon is a new mobile threat that may add even more new features and functionality in future versions. Android users are advised to be careful with the apps they install on their devices. It is worth downloading software only from official stores, and the Google Play Protect system must always be enabled.

    Author DeepWeb