Sure, your fingerprint is unique, but it can make it impossible to keep your personal information safe. That’s because a new version of the Android malware Chameleon reportedly allows malicious attackers to bypass the fingerprint feature and steal her PIN.
according to Researchers using ThreatFabric, this malware effectively tricks people into enabling accessibility services, allowing attackers to change their phones from biometric to PIN lock. To do this, According to Bleeping Computer, which pretends to be a legitimate Android app and displays an HTML page asking potential victims to turn on accessibility settings. This allows an attacker to bypass protections such as fingerprint unlocking. If the victim then logs in using her PIN instead of her fingerprint, the attacker can steal her PIN or password.
When using apps, especially banking apps, you should be careful to make sure they are genuine.
“These enhancements increase the sophistication and adaptability of the new Chameleon variant, making it a more powerful threat in the evolving landscape of mobile banking Trojans,” ThreatFabric said.
Bleeping Computer found that the main distribution method for malware is Android package files (APKs) from unofficial sources.
So be careful outside. Even your unique fingerprint may not be enough to protect you.
