Android banking Trojan Chameleon targets users through a fake CRM application

By Admin | August 7, 2024

August 7, 2024Ravi LakshmananAndroid / Mobile Security,


Cybersecurity researchers have discovered a new technique adopted by the threat actors behind Chameleon, an Android banking trojan, which targets users in Canada under the guise of a customer relationship management (CRM) application.

“Chameleon has been spotted posing as a CRM application targeting an internationally operating Canadian restaurant chain,” Dutch security firm ThreatFabric said in a technical report published on Monday.

The campaign, spotted in July 2024, targeted customers in Canada and Europe, indicating an expansion of its victim footprint from Australia, Italy, Poland and the UK.

The use of CRM-related themes for malware-laden droppers indicates that the targets are customers in the hospitality sector and B2C (Business-to-Consumer) employees.


The dropper artifacts are also designed to bypass the Restricted Settings that Google introduced in Android 13 and later to prevent side-loaded apps from requesting dangerous permissions (such as accessibility services), a method previously used by SecuriDropper and Brokewell.

Once installed, the program displays a fake CRM login page and then displays a fake error message urging victims to reinstall the program, while it actually deploys the Chameleon payload.


After this step, the fake CRM web page loads again, this time asking the victim to complete the login process, only to display another error message: “Your account has not been activated yet. Contact HR.”

Chameleon is equipped for on-device fraud (ODF) and fraudulent transfer of user funds, and uses overlays and a wide range of permissions to collect credentials, contact lists, SMS messages and geolocation information.

“If attackers manage to infect a device with corporate banking access, Chameleon gains access to corporate bank accounts and poses a significant threat to the organization,” ThreatFabric said. “The increased likelihood of such access for employees whose roles include CRM is a likely reason for the choice of masquerade during this latest campaign.”
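A device audit for the risk described above, as an added example that is not from the article or from ThreatFabric: it lists enabled accessibility services whose owning package was not installed by an allowlisted store, which covers both side-loaded apps and payloads installed by a dropper. It assumes the inputs are the text output of `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`, that Google Play is the only trusted installer, and all package names in the samples are constructed.

```python
# Added example: flag accessibility services owned by packages that no
# allowlisted store installed. All package names below are constructed.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

# Constructed `adb shell pm list packages -i` output.
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.crm.portal  installer=com.example.dropper
package:com.example.notes  installer=null
"""
# Constructed `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.crm.portal/com.example.crm.portal.SyncService"
)

def parse_installers(pm_output):
    """Map package name -> installer of record (None when absent or 'null')."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        value = next((f.split("=", 1)[1] for f in fields[1:] if f.startswith("installer=")), "null")
        installers[fields[0][len("package:"):]] = None if value in ("", "null") else value
    return installers

def parse_a11y_services(setting_value):
    """Split the colon-separated 'package/class' component list."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def flag_untrusted_a11y(pm_output, setting_value, system_packages=frozenset()):
    """Return findings for services owned by side-loaded or dropped packages."""
    installers = parse_installers(pm_output)
    findings = []
    for package, service in parse_a11y_services(setting_value):
        installer = installers.get(package)
        # Preloaded system apps report no installer; exclude them explicitly.
        if package in system_packages or installer in TRUSTED_INSTALLERS:
            continue
        findings.append({"package": package, "service": service, "installer": installer})
    return findings

if __name__ == "__main__":
    for finding in flag_untrusted_a11y(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(finding)
```

Pass the package names from `adb shell pm list packages -s` as `system_packages` so that vendor-preloaded accessibility services, which also report no installer, are not flagged.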


The development comes weeks after IBM X-Force detailed a Latin American banking malware campaign launched by the CyberCartel group to steal account and financial data and deliver a Trojan called Caiman via malicious Google Chrome extensions.

“The ultimate goal of these malicious activities is to install a malicious browser plug-in in the victim’s browser and use the Man-in-the-Browser technique,” the company said.

“This allows attackers to illegally harvest sensitive banking information along with other relevant data such as compromised machine information and on-demand screenshots. Updates and configurations are distributed through the Telegram channel by threat actors.”
