Categories: Tech

How to protect your Android from a banking threat that bypasses fingerprint unlock and steals your PIN

You might think that using your fingerprint or face to unlock your phone is more secure than using your PIN. 

But you could be wrong. Hackers have developed sophisticated Android malware that can disable your biometric security and steal your PIN and data.

What is the Chameleon Android banking malware?

The malware is known as the Chameleon Android banking trojan. It was first detected earlier this year. The trojan can mimic legitimate apps and trick you into granting it permissions. Once it has access to your device, it can monitor your activity and intercept your credentials.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

How does the malware bypass the restricted setting feature?

The malware can also bypass the security measure introduced in Android 13. This security measure, called the “restricted setting feature,” allows you to control which apps can access certain settings and features on your device. This feature was supposed to prevent hackers from using the restricted setting feature to take over your device. According to BleepingComputer, the malware can use a clever technique to trick you into granting it permission to use the restricted setting feature without your consent. This means that the malware can control your device and even disable your fingerprint or face scan.

How does the malware steal your money?

The malware can then display a fake lock screen and ask you to enter your PIN. If you do, the malware will capture your PIN and unlock your device. It can then access your banking apps and other sensitive information. It can also send money to the hackers’ accounts or purchase online goods without your knowledge.

Image of the front of an Android (Kurt "CyberGuy" Knutsson)

The sneaky malware can ask you to change your accessibility settings and force you to input your PIN

This new and improved version of the Chameleon Android banking trojan will pop open an HTML page, asking your permission to change your accessibility settings. It will then abuse your accessibility features until your phone forces you to input your PIN.

You might not even notice it, either. Chameleon uses a platform called Zombinder to attach the malware to innocent apps. It can also schedule tasks. So once a hacker learns your schedule, they can run the trojan when your phone is normally inactive.

Woman with Android in her hand  (Kurt "CyberGuy" Knutsson )

MORE: THIS STEALTHY ANDROID MALWARE CAN STEAL YOUR MONEY AND INVADE YOUR PRIVACY

How to protect your Android

1) The biggest way to protect yourself is only using legitimate app stores, like the Google Play Store, Amazon App Store, or Samsung Galaxy Store. Loading apps straight from the web, or sideloading, presents a ton of security risks. You usually can’t see everything a file might contain, and it’s easy for hackers to hide malware.

2) Google is constantly working on ways to mitigate threats like these. Make sure you’re using the latest version of Android.

ELEMENTARY STUDENTS AT MINNESOTA SCHOOL EXPOSED TO PORN DURING SCHOOL ZOOM CALL

3) You should have good antivirus software installed. One of the most important steps to safeguard your Android from the Chameleon banking trojan and other malware is to install and update reliable antivirus software. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails and ultimately protect you from being hacked. Find my review of Best Antivirus Protection here.

What should you do if your data is compromised?

If malware has already invaded your device, then you should take immediate action to minimize the damage and secure your device. Here are some steps you can follow:

Samsung cellphone (Kurt "Cyberguy" Knutsson )

MORE: BEWARE OF THESE POPULAR ANDROID APPS CONTAINING DECEPTIVE ADWARE

Change your passwords

The Chameleon banking trojan can use a keylogger to record your passwords when you type them on your Android device. This can give hackers access to your online accounts and your personal or financial information. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device, because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Monitor your accounts and transactions

You should check your online accounts and transactions regularly for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see signs of identity theft or fraud.

Use identity theft protection

The Chameleon banking trojan can capture everything you type on your Android device, including your personal and financial information. Hackers can use this information to create fake accounts in your name, access your existing accounts and pretend to be you online. This can cause serious damage to your identity and credit score.

Video

To avoid this risk, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number (SSN), phone number and email address, and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them. Read more of my review of best identity theft protection services here. 

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.

CLICK HERE TO GET THE FOX NEWS APP

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

Restore your device to factory settings

If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original Android version. You should back up your important data before doing this, and only restore it from a trusted source.

MORE: 10 SIGNS YOUR IDENTITY HAS BEEN COMPROMISED

Kurt’s key takeaways

While threats like Chameleon banking malware attacks are scary, it’s important to remember that you can protect yourself. Besides using official app stores, antivirus softwar, and the latest version of Android, you should also avoid downloading any apps that are not available on trusted platforms. Sideloading apps from unknown sources can expose your device to malware and hackers. You should never risk your Android security by sideloading apps.

Have you or someone you know encountered any issues with banking malware on your Android device? We’re interested in hearing about your experiences and any precautions you’ve taken to safeguard your personal information. Share your story by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Answers to the most asked CyberGuy questions:

  • What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked?
  • What is the best way to stay private, secure and anonymous while browsing the web?
  • How can I get rid of robocalls with apps and data removal services?

Ideas for using those Holiday Gift cards

  • Last-minute gifts for the holidays
  • Best Holiday Week Deals EXTENDED
  • Best Cyber Week Laptop Deals
  • Best gifts for women 2023
  • Best gifts for men 2023
  • 22 best gifts for kids
  • Best gifts for pets

Copyright 2023 CyberGuy.com. All rights reserved.

Share

Recent Posts

NYPD arrests migrant who allegedly set woman on fire on subway train, watched her burn to death

close Video Tyrus 'could not be prouder' of NYC mayor after meeting with incoming 'border…

47 minutes ago

Prankster arrested after reportedly filming himself spraying food at Walmart: ‘Reckless’

close Video Fox News Flash top headlines for December 22 Fox News Flash top headlines…

3 hours ago

Woman dies after being set on fire while sleeping on NYC subway train: police

close Video Tyrus 'could not be prouder' of NYC mayor after meeting with incoming 'border…

3 hours ago

Fetterman: Those hoping Trump fails are ‘rooting against the nation’

Sen. John Fetterman, D-Pa., says he hopes President-elect Trump is successful, and spoke out against…

5 hours ago

Sen. Rand Paul pledges to get Trump’s cabinet picks approved ‘as quickly as possible’

Sen. Rand Paul, R-Ky., on Sunday said he "couldn’t be happier" with President-elect Trump’s Cabinet…

5 hours ago

GOP rep who hasn’t voted in months living in retirement facility: source

Rep. Kay Granger, R-Texas, has been living in a retirement facility, a source told Fox…

5 hours ago