A new Chameleon Trojan campaign has been discovered by cybersecurity researchers, targeting users in Canada and Europe [1] [3], particularly in the hospitality sector and Business-to-Consumer (B2C) roles [1] [3].
Description
This campaign, identified in July 2024 [1] [2] [3], expands Chameleon's victimology footprint to customers in Canada and Europe [3], in addition to Australia [3], Italy [1] [2] [3], Poland [1] [2] [3], and the UK [1] [2] [3]. The malware is designed to bypass Android 13+ AccessibilityService restrictions and aims to gain access to business banking accounts, posing a significant risk to organizations [1] [3] [4] [5]. This resurgence of Chameleon follows its history of impersonating trusted apps to steal data from user devices.

The trojan masquerades as a Customer Relationship Management (CRM) app [1] [2], displaying fake login pages to steal employee credentials and sensitive information through keylogging [5]. The malicious dropper apps containing the malware are themed around CRM [3], indicating that the targets are likely customers in the hospitality sector and Business-to-Consumer employees [3]. Chameleon's evolving tactics underscore this targeted intent: the attacks are aimed at hospitality industry employees [4], with the potential to steal sensitive data or infiltrate systems [4].

The dropper artifacts are designed to bypass Restricted Settings in Android 13 and later [3], allowing them to request dangerous permissions [3]. Once installed, the app displays a fake login page for a CRM tool and then prompts the victim to reinstall the app [3], deploying the Chameleon payload instead [3]. Once deployed, the Chameleon payload [1] [2] [3] is capable of conducting on-device fraud [1], fund transfers [2], and data theft [2]. This can pose a significant risk to organizations if devices with access to corporate banking are infected [3].
Conclusion
The Chameleon Trojan campaign poses a serious threat to organizations, especially those in the hospitality sector and Business-to-Consumer roles [3]. It is crucial for businesses to implement strong cybersecurity measures to protect against such attacks and to educate employees on how to identify and prevent malware infections. As cyber threats continue to evolve, it is essential for organizations to stay vigilant and proactive in their cybersecurity efforts to safeguard sensitive data and prevent financial losses.
References
[1] https://thehackernews.com/2024/08/chameleon-android-banking-trojan.html
[2] https://cybermaterial.com/chameleon-trojan-spreads-via-fake-crm-app/
[3] https://cyber.vumetric.com/security-news/2024/08/07/chameleon-android-banking-trojan-targets-users-through-fake-crm-app/
[4] https://cyberpress.org/crm-app-to-attack-it-employees/
[5] https://www.darkreading.com/endpoint-security/chameleon-banking-trojan-makes-a-comeback-cloaked-as-crm-app