A new malicious dropper bypasses the protection of Android 13 with frightening ease.
Researchers have discovered a new malware campaign by Chameleon targeting employees in the hospitality industry. The attackers use deceptive tactics, disguising the malware as a mobile CRM application.
Analysis of files uploaded to VirusTotal revealed evidence of targeted attacks, including a reference to a Canadian restaurant chain operating internationally. This indicates that the attacks are aimed at specific organizations in the hospitality industry.
The file names used indicate that the campaign is targeting the restaurant business and possibly the broader B2C sector. Successfully infecting devices that have access to corporate bank accounts gives Chameleon control over business accounts, which poses a significant threat to organizations.
In December last year, we already wrote about the Android malware Chameleon, when attackers used it to attack banking applications in Europe. At the same time, this malware was first identified in April 2023, when researchers caught it imitating an Australian cryptocurrency exchange, an Australian government agency, and a Polish bank.
A new type of dropper used in the latest Chameleon malware campaign is able to bypass the security measures of Android 13, demonstrating a critical evolution in the attackers' capabilities. After activation, the dropper shows a fake CRM login screen requesting the employee ID. The victim is then shown a bogus prompt to reinstall the app, while the malicious Chameleon component is installed on the device unnoticed.
Chameleon bypasses the enhanced security measures of Android 13 and later, especially the accessibility service restrictions, by creating a hidden threat on the victim's device. In addition to installing the malware, the credentials entered at the previous stage also leak into the hands of intruders.
Chameleon actively works in the background, using keylogging to steal any credentials the victim enters and other sensitive information, which is especially dangerous on corporate smartphones used in the hotel industry. All the information obtained in this way can be used for subsequent attacks or sold on cybercrime forums.
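Because the keylogging described above depends on the malware holding accessibility-service access, one practical fleet check is to compare the accessibility services enabled on a managed device against an allow list. The script below is an added example, not code from the article or from ThreatFabric; it parses the value of the secure setting `enabled_accessibility_services` (as printed by `adb shell settings get secure enabled_accessibility_services`, a colon-separated list of flattened `package/class` component names). The allow list and the sample setting value are constructed for illustration, and the package name `com.example.fakecrm` is a hypothetical placeholder, not an indicator from the page.

```python
"""Flag unexpected Android accessibility services on a managed device.

Added example (not from the article or ThreatFabric). The input is the
value of the secure setting `enabled_accessibility_services`, which Android
stores as a colon-separated list of flattened component names
("package/class"). `settings get` prints the literal string "null" when the
setting has never been written.
"""
import subprocess
from typing import Iterable, List, Optional, Tuple

# Hypothetical allow list for a corporate fleet (assumption: only the
# platform screen reader is expected to hold accessibility access).
ALLOWED_PACKAGES = frozenset({
    "com.google.android.marvin.talkback",
})

# Constructed sample output: TalkBack plus an unknown "CRM" app whose
# service name is a placeholder, not a real indicator.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakecrm/.KeyLoggerService"
)


def parse_enabled_services(setting: str) -> List[Tuple[str, str]]:
    """Split the setting into (package, fully qualified class) pairs."""
    setting = setting.strip()
    if not setting or setting == "null":
        return []
    pairs = []
    for entry in setting.split(":"):
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        # Flattened ComponentName shorthand: ".Foo" means pkg + ".Foo".
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def unexpected_services(setting: str,
                        allowed: Iterable[str] = ALLOWED_PACKAGES) -> List[str]:
    """Return 'package/class' strings for services outside the allow list."""
    allowed = set(allowed)
    return [f"{pkg}/{cls}"
            for pkg, cls in parse_enabled_services(setting)
            if pkg not in allowed]


def read_device_setting(serial: Optional[str] = None) -> str:
    """Query a connected device over adb (requires adb on PATH)."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + [
        "shell", "settings", "get", "secure", "enabled_accessibility_services"]
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=True).stdout


if __name__ == "__main__":
    # Offline demonstration on the constructed sample value.
    for svc in unexpected_services(SAMPLE_SETTING):
        print("UNEXPECTED accessibility service:", svc)
```

On a real device, replace `SAMPLE_SETTING` with `read_device_setting()`; any hit outside the allow list is worth investigating together with the installing package, since a dropper of the kind described here installs the keylogging component as a second app.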
In parallel, the researchers found that, in addition to the hospitality industry, Chameleon attacks also target financial institutions, where the malware is disguised as a security application for installing a fake certificate. This highlights the evolution of malware tactics and the need for robust countermeasures.
Cybercriminals are increasingly targeting employees of B2C businesses to gain access to corporate accounts and bank accounts via mobile devices. As the experience with malicious software like Chameleon shows, the growth of mobile software products for small and medium-sized businesses creates more and more opportunities for attacks.
According to ThreatFabric, financial and other institutions operating under the B2C model should actively inform their customers and employees about such threats, emphasizing the potential consequences of malware infection. The introduction of anomaly detection systems and malware detection capabilities will allow organizations to increase their security and protect customer assets from unauthorized access.