PIN-Stealing Android Malware
This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN:
The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.
The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.
Clive Robinson • January 9, 2024 9:25 AM
@ ALL,
Apparently it attaches itself using the “Zombinder” service to legitimate “Android package files” (APK) a user downloads.
But –from the article– the Zombinder service developers / suppliers claim
This suggests that things are maybe deficient on Google’s side of the fence.
But then the “walk the user through” HTML page to bypass the security “restricted settings” is as they say yet another nice touch.
The real question though is,
“Is there anything Google can do to limit or stop this sort of attack, and still leave the OS viable?”
As the initial stages all appear to be done via misleading users (ie what was once seen as an extension to social engineering).
But it further suggests that “Walled Gardens” and “Code Signing” are also deficient or at best quite fragile security mechanisms. With much more robust systems required as a minimum.
Many years ago people were asking if “Walled Gardens” were a way to steal user freedoms on the assumption the users were not susceptible to such attacks…
Can we actually provide systems that are secure against users?
I’d like to say yes, but the honest answer is probably no.