News Heading - 1

Android Banking Trojan Chameleon Now Bypasses Biometric Authentication

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A dangerous new variant of the Android banking malware Chameleon re-emerged with the ability to take over devices and bypass biometric measures to steal passwords and PINs.

Discovered by security researchers at ThreatFabric, the trojan now targets Android users in Italy and the UK. The previous version, identified in April 2023 , was known to target users in Australia by disguising itself as the Australian Taxation Office (ATO) and popular banking apps in Poland.

“Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region,” the company said .

Disguised as a Google Chrome app, the new variant is distributed via the Zombinder app-sharing service. Sold on the dark web, the dropper-as-a-service (DaaS) is used to attach malware to legitimate apps.

The current version has two distinct features. One, displaying a HTML page that guides users to enable Accessibility Services in Android devices, having the “Restricted Settings” feature of Android 13.

This security feature is meant to block the approval of dangerous permissions that helps hackers deploy Account and Device takeover attacks, grant itself permission, and steal files and data.

Second, by using the Accessibility service the malware can bypass any biometric prompt like face and fingerprint unlock and force the device to return to pattern, PIN, or password authentication. By doing this, the threat actor can later unlock the device at will and perform any malicious activity.

In addition to the above features, the new Chameleon variant also has the capability to schedule tasks using the AlarmManager API. The API helps you define, run, and manage any activity.

“The emergence of the new Chameleon banking trojan is another example of the sophisticated and adaptive threat landscape within the Android ecosystem,” ThreatFabric said. “Evolving from its earlier iteration, this variant demonstrates increased resilience and advanced new features.”

News Heading - 2

Mint Mobile Confirms Security Breach After User Data Compromised

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Mint Mobile disclosed a recent data breach incident wherein unauthorized threat actors accessed personal information of its users, which can result in potential SIM swap attacks.

Mint Mobile, US-based mobile virtual network operator (MVNO) that offers low cost, pre-paid plans. In March 2023, it was acquired by the US-based T-Mobile for $1.35 billion.

On December 22, the company started sending email notices to its users about the security breach. Titled, ‘‘ Important information regarding your account ,’’ the email notified impacted customers that a hacker had stolen certain information related to their account.

“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information,’’ the email notice read. ‘’Our investigation indicates that certain information associated with your account was impacted,’’ it continued.

The exposed customer information includes, customer name, telephone number, email address, SIM serial number and IMEI number (a device identifier similar to a serial number), and a brief detail about the purchased service plan.

Mint assured its customers that they had already resolved the issue and had partnered with third-party security experts to mitigate the threat and prevent occurrence of similar incidents in the future.

The company said that there was no need for the impacted customers to take any action to secure their accounts. In case of any questions, they were directed to contact the given customer support number (949-704-1162).

In a public post, a Mint moderator on Reddit informed users about the email notice and customer support number. ‘’If you received a notice via email from no-reply@account.mintmobile.com on December 22, 2023, it is from Mint and is not a scam. The Customer Care number was setup to handle specific questions about this communication.’’

Previously, in 2021, the company suffered a data breach wherein a small number of users phone numbers were ported to another carrier, by an unauthorized threat actor.