Chameleon Mobile Malware Targets EU Countries
Since the beginning of the year, cybercriminals have been targeting Android users in Australia and Poland with a new Trojan called ‘Chameleon’.
This malicious software imitates several legitimate organizations, such as an Australian government agency, the IKO bank, and the CoinSpot cryptocurrency exchange. The Trojan has been distributed through Bitbucket hosting services, Discord attachments, and compromised websites. Once the malware is launched, it performs various checks to evade detection by security software. These include checking whether the device is rooted and whether debugging is enabled. If these checks are passed, the malware requests permission to use the Accessibility Service, which it abuses to gain additional permissions and prevent the user from uninstalling it.
The Trojan is capable of stealing user credentials through overlay injections and keylogging, and of collecting cookies and SMS texts from the infected device. To avoid becoming a victim, Android users are advised to only download software from official stores, be cautious of the apps they install, and always enable Google Play Protect.
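A manifest triage check for the behaviour described above, added here as an example and not taken from the original article or from any vendor tooling: it reads a decoded AndroidManifest.xml and flags apps that declare an Accessibility Service together with SMS or overlay access. The permission combination is an assumed heuristic built from the capabilities the article lists, not a Chameleon signature, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET  # untrusted samples: consider defusedxml instead

NS = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"

def triage_manifest(manifest_xml):
    """List capability flags found in a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    flags = []
    for svc in root.iter("service"):
        actions = {a.get(NS + "name") for a in svc.iter("action")}
        # A service is an accessibility service only if it is guarded by the
        # bind permission and answers the accessibility intent action.
        if svc.get(NS + "permission") == A11Y_BIND and A11Y_ACTION in actions:
            flags.append("accessibility-service:" + svc.get(NS + "name", "?"))
    if SMS_PERMS & requested:
        flags.append("sms-access")
    # An accessibility service can draw overlays without this permission,
    # so its absence does not rule out overlay behaviour.
    if OVERLAY_PERM in requested:
        flags.append("overlay-permission")
    return flags

def needs_review(flags):
    """True when an accessibility service is combined with SMS or overlay access."""
    a11y = [f for f in flags if f.startswith("accessibility-service:")]
    return bool(a11y) and len(flags) > len(a11y)

# Constructed sample manifests (assumed for illustration, not from any real app).
SAMPLE_SIDELOADED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>"""
SAMPLE_SMS_ONLY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.messages">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application><service android:name=".SyncService"/></application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("sideloaded", SAMPLE_SIDELOADED), ("sms-only", SAMPLE_SMS_ONLY)):
        flags = triage_manifest(xml)
        print(name, flags, "REVIEW" if needs_review(flags) else "ok")
```

A flag from this check is a prompt for manual review, since legitimate assistive apps also declare accessibility services.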
Is it Possible to Download Malicious Apps from the Official App Stores?
While official app stores such as Google Play and the Apple App Store have measures in place to prevent malicious apps from being listed, it is still possible for some to slip through the cracks. Hackers have been known to use various tactics such as hiding malware within seemingly legitimate apps or exploiting vulnerabilities in the app store's security measures to upload malicious apps. However, the risk of downloading a malicious app from the official app store is generally lower than downloading from third-party app stores or directly from unknown websites. It is still important for users to be cautious and do their research before downloading any app, even from the official app store.
Official app stores such as Google Play and the Apple App Store are generally considered to be safer sources for downloading apps because they have strict security measures in place. Before an app can be listed on the app store, it must go through a rigorous review process that checks for malicious code, security vulnerabilities, and compliance with various guidelines and policies. However, despite these measures, some malicious apps may still find their way onto the app store.
One common tactic used by hackers is to hide malware within seemingly legitimate apps. For example, a seemingly harmless game app may contain malicious code that activates when the user grants the app certain permissions or interacts with specific features. Another tactic is to exploit vulnerabilities in the app store's security measures to upload malicious apps. Hackers may use techniques like app cloning, repackaging, or obfuscation to bypass detection and get their apps listed on the app store.
While the risk of downloading a malicious app from the official app store is generally lower than downloading from third-party app stores or directly from unknown websites, it is still important for users to be cautious. Before downloading any app, it is advisable to do some research to check the app's reviews, ratings, and developer information. Users should also pay attention to the permissions requested by the app and only grant those that are necessary for its functionality.