Chameleon Android malware disables fingerprint unlock feature to steal your PIN

The dreaded Chameleon Android malware has been upgraded to give attackers the ability to disable the fingerprint unlock feature and steal people’s PIN codes, according to cybersecurity researchers from ThreatFabric.

According to the researchers, Chameleon resembles other banking malware: it abuses the Android Accessibility Service to steal sensitive information from endpoints and mount overlay attacks. The new version comes with two notable changes – the ability to mount Device Takeover (DTO) fraud, and the ability to transition the lock screen from biometrics to PIN.