‘Chameleon’ Android banking trojan can bypass biometric auth

Dec 25 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that worries that cybercriminals see you when you're sleeping. They know when you're awake… 👀😂 Merry Christmas everyone but don’t forget, cybercrime doesn’t take a day off 😭💀🎅🎅🎅

Today’s hottest cybersecurity news stories:

  • 🦎 ‘Chameleon’ Android banking trojan can bypass biometric auth 🔓

  • 👾 Predator spyware is back and this time it’s reboot-proof in Android 🤖

  • ⚠️ Microsoft warns of FalseFont backdoor targeting the defence sector 👨‍💻

Karma karma karma karma karma Chameleon, Trojan and go, Trojan and go 🎶🙈😂

🚨 Security Alert: Chameleon Banking Trojan Strikes Again! 🚨

Cybersecurity researchers have uncovered an upgraded version of the Android banking malware, Chameleon, now targeting users in the U.K. and Italy. This evolved variant excels in Device Takeover (DTO), expanding its reach beyond Australia and Poland.

🕵️ How Does it Work?

Chameleon abuses Android's accessibility service to harvest sensitive data and conduct overlay attacks. Initially found on phishing pages impersonating institutions, the malware is now delivered through Zombinder, a dropper service that resurfaced last month.

🛡️ Protection Measures

Google Play Protect defends against Chameleon, but users are urged to stay vigilant. The malware tricks users into enabling accessibility services, especially on Android 13 or later. It now also disrupts biometric operations using Android APIs, switching the lock screen from biometric to PIN authentication.

🔄 Evolution of Threats

The Chameleon's resurgence highlights the dynamic Android threat landscape. Google notes increased resilience and advanced features, reflecting a broader trend of 29 malware families targeting 1,800 banking apps globally over the past year.

🎯 Top Targets

Traditional banking apps remain prime targets, with the U.S., U.K., and Italy leading. Notable apps include Bank of America, Barclays, and Binance. The evolving landscape includes new threats like Nexus, Godfather, and PixBankBot.

Stay Safe

Regularly update your device, use reputable security apps, and avoid downloading apps from untrusted sources. Be cautious of unexpected requests for accessibility settings.

Remember, awareness is the key to a safer digital experience! 🛡️💻


Where’s Alien when you need him, eh? 👽🍿😂

Insider Intel: Predator Spyware's Evolution! 🕵️‍♂️

Cisco Talos researchers have unveiled a surprising update on the Predator spyware, revealing a new "add-on feature" that allows it to persist between reboots. This capability, previously absent in 2021, is now offered based on customer licensing options, showcasing the spyware's adaptability.

🤖 Intellexa Alliance's Creation

Predator, born from the Intellexa Alliance consortium, includes entities like Cytrox and Nexa Technologies. Notably, both Cytrox and Intellexa faced U.S. sanctions in July 2023 for "trafficking in cyber exploits." Predator's seamless functioning relies on its symbiotic relationship with the loader component Alien.

💰 Pricing and Accessibility

Operating as a "remote mobile extraction system," Predator targets Android and iOS with a licensing model in the millions. This hefty price tag keeps it out of reach for novice criminals, emphasising its sophistication.

🔓 Adapting to Security Measures

As Apple and Google tighten security, spyware like Predator and Pegasus adapts by seeking zero-day exploits. However, Intellexa's unique approach involves offloading attack infrastructure setup to customers, providing plausible deniability.

Global Operations

Intellexa maintains geographical restrictions tied to licences, with customers operating within a specific country code prefix. Yet, for an extra fee, this constraint can be loosened.

💡 The Need for Transparency

Despite public exposure, offensive actors like Intellexa continue to thrive globally. Researchers emphasise the importance of public disclosures, enabling scrutiny and driving detection efforts, ultimately imposing development costs on spyware vendors.

🛡️ Stay Informed, Stay Secure! Keep up with the ever-evolving world of cybersecurity. 🔒


Microsoft says: Font be fooled 🤓😬🙈

🚨 Iranian Actor Targets Defense Sector with 'FalseFont' Backdoor!

In the ongoing saga of cybersecurity, Microsoft has identified a new danger – an Iranian threat actor aiming at the Defense Industrial Base (DIB) sector. This campaign introduces a never-seen-before backdoor named 'FalseFont.'

💻 FalseFont Backdoor Unveiled

Microsoft's Threat Intelligence team reveals that FalseFont is a custom backdoor armed with diverse functionalities, granting remote access, file launches, and data transmission to its command-and-control servers. The first sighting dates back to November 2023.

🍑 Peach Sandstorm Strikes Again

Microsoft associates this campaign with Peach Sandstorm (APT33, Elfin), noting its evolution in threat actor tradecraft.

The group was previously linked to password spray attacks targeting satellite, defence, and pharmaceutical sectors globally.

Peach Sandstorm, with roots traced back to 2013, continues its mission to gather intelligence supporting Iranian state interests.

🎣 Phishing Alert

As tensions rise, the Israel National Cyber Directorate accuses Iran and Hezbollah of unsuccessful attempts to target Ziv Hospital. Meanwhile, a phishing campaign leverages a fake advisory to deliver wiper malware, exploiting a critical F5 BIG-IP flaw.

🛡️ Stay Vigilant

Cyber threats persist, but awareness is our best defence. Regularly update systems, employ robust security measures, and remain cautious of phishing attempts.

👀 Keep Watch for Further Updates! Cybersecurity remains a collective effort. 🤝🔒

And Merry Christmas again cyber squad! 🥳🎉🦃🎁❄️🎄☃️🍗⛪🦌🎅

Thanks for sticking with us and have a great holiday… But don’t worry we’ll be back tomorrow and all through the break to keep you safe and secure 👀😂🥂


So long and thanks for reading all the phish!
