    Chameleon is a new Android malware that mimics a range of everyday applications

    A new Android Trojan called Chameleon has been targeting users in Australia and Poland since earlier this year, mimicking the Australian cryptocurrency exchange CoinSpot, an Australian government agency, and the Polish bank IKO.

    The mobile malware was discovered in the wild (ITW) by cybersecurity company Cyble, which reports that Chameleon spreads through hacked websites, Discord attachments, and Bitbucket hosting services.

    The Chameleon Trojan includes a wide range of malicious features: it steals user credentials through overlay injections and keylogging, and it steals cookies and SMS texts from an infected device.

    When launched, the malware performs a series of checks to avoid detection by security software. These checks include determining the environment the app is running in (sandboxed or not), whether the device is rooted, and whether debugging is enabled in developer options. All of these factors give attackers a clue as to whether the Trojan is on the device of a regular user or a security researcher.

    If the environment is acceptable, the infection continues and Chameleon asks the victim for permission to use an accessibility service, which it abuses to grant itself additional permissions and to make itself harder to remove from the victim's device. The malware also requests that Google Play Protect be disabled so that the system does not detect the installation of additional payloads.

    When it first connects to the C2 server, the malware sends data about the device model, operating system version, root status, the victim's country of residence, and even the exact coordinates of the device's location.

    Depending on what service the malware pretends to be, when it starts, it opens a perfectly legitimate URL for that service in a WebView, but the malicious modules start loading in the background. These include a cookie thief, a keylogger, a phishing page injector, a PIN/lock screen code interceptor, and an SMS hijacker that can intercept one-time passwords (OTP) and help attackers bypass 2FA protection.

    Even if the victim suspects something is wrong, the Trojan's built-in protection against removal means that uninstalling it in the usual way will not lead to the desired result. Moreover, the Trojan can be added to the system autostart and will reconnect to the C2 server when the device is restarted.

    Most malicious programs of this kind rely on the abuse of accessibility services, which is what gives them such extensive functionality. Therefore, unfamiliar applications should never be given such access, especially if it is not clear that they really need it.
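The accessibility-service and official-store advice above can be checked on a device during triage. This is an added example, not code from the article or from Cyble's report: it parses captured output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i -3` and flags enabled accessibility services that belong to third-party apps not installed by Google Play. The sample output and package names are constructed, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
import re

# Assumption: only Google Play counts as an "official store" installer here.
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i -3` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_accessibility(setting_value):
    """Split the colon-separated `package/service` component list."""
    value = setting_value.strip()
    if value in ("", "null"):  # nothing enabled
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def flag_risky_services(setting_value, pm_output):
    """Return (package, service, installer) for enabled accessibility
    services owned by third-party apps not installed from a trusted store."""
    installers = parse_installers(pm_output)
    findings = []
    for package, service in parse_accessibility(setting_value):
        installer = installers.get(package)  # None: not in the third-party list
        if installer is not None and installer not in TRUSTED_INSTALLERS:
            findings.append((package, service, installer))
    return findings

# Constructed sample output; the com.example.* packages are invented.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.wallet.helper/.core.AssistService:"
    "com.example.reader/com.example.reader.ReadAloudService"
)
SAMPLE_PM = """\
package:com.example.wallet.helper  installer=null
package:com.example.reader  installer=com.android.vending
"""

if __name__ == "__main__":
    for finding in flag_risky_services(SAMPLE_SETTING, SAMPLE_PM):
        print("review:", *finding)
```

A flagged entry is a prompt for manual review, not a verdict: legitimate sideloaded tools also report an installer other than Google Play.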

    Cyble also discovered code that allows Chameleon to download an additional payload and store it on the device as a ".jar" file for later execution through the DexClassLoader. However, this feature is not currently used by the attackers.

    Chameleon is a new mobile threat that may add even more new features and functionality in future versions. Android users are advised to be careful with the apps they install on their devices. It is worth downloading software only from official stores, and the Google Play Protect system must always be enabled.

    Author DeepWeb