Author

Topic: [Warning]: New Android Malware - Chameleon (Read 134 times)

hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
April 22, 2023, 01:32:39 PM
#11
Moral of the story, stop downloading weird unknown apps.  Even if they are listed on an App Store.  Research, not every thing you see brings a positive change or experience.

I do not get why some body would download an unknown app first of all.  Like just why.  For cool User Interface?  For supporting all kinds of Shit coins?  There are so many GOOD apps you can find and the most basic ways of checking for red flags are literally on the download page on the Play Store.  Stop being lazy and start spending seconds to check for red flags over spending days mourning loss of your life savings.
legendary
Activity: 1596
Merit: 1288
Yes, sometimes it's better to really have a separate devices for our online wallets, like what we practice with our laptops and PC. We learned before that there are a lot of malwares getting into our laptops and PC if we are not careful.
Using the same wallets on the same devices will not enhance the safety of your currencies, but rather a cold storage device (stopping the transaction) and the other to broadcast it or use a multi-signature wallet and leave one of them not connected to the Internet.

I noticed that no wide attacks were reported due to this new Android Malware
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
I don't download any app on my main phone and with such in existence, those people that have their crypto apps and wallets in the same phone and they're also downloading almost anything. Those are the people that needs to be careful.

Better not download anything on the playstore without DYOR.

It's easy to download but knowing what you're downloading takes now responsibility or else some unexpected hack may happen.

That icon of a blurred woman, that's for sure where many will fall.
hero member
Activity: 2842
Merit: 772
t is better to allocate a separate phone for the cryptocurrency wallets you use, as the cost of an average value phone may be in the range of $100, which is a small amount for those who seriously think about protecting their money.

Do not use that phone to browse or download unknown wallets or wallets that are not well known, just one or two open source wallets.

If you intend to invest in altcoins, buy a hardware wallet, and if that coin or token is not listed in that wallet, it is better avoid it or keep it inside exchange.

Downloading too many wallets is a vulnerability that may cause you to lose your money.

Yes, sometimes it's better to really have a separate devices for our online wallets, like what we practice with our laptops and PC. We learned before that there are a lot of malwares getting into our laptops and PC if we are not careful.

So the same thing with our mobile wallets, we should be better implementing a lot of security practices otherwise it will be the same going to be laid out to us by this criminals. We can't really emphasized on security like not clicking a link or downloading softwares from a unknown source.
legendary
Activity: 1596
Merit: 1288
t is better to allocate a separate phone for the cryptocurrency wallets you use, as the cost of an average value phone may be in the range of $100, which is a small amount for those who seriously think about protecting their money.

Do not use that phone to browse or download unknown wallets or wallets that are not well known, just one or two open source wallets.

If you intend to invest in altcoins, buy a hardware wallet, and if that coin or token is not listed in that wallet, it is better avoid it or keep it inside exchange.

Downloading too many wallets is a vulnerability that may cause you to lose your money.
hero member
Activity: 714
Merit: 521
So many Malware especially on Android devices, this is the reason we have to be careful on where we download applications, the type of applications we download and the site we visit (you don't always have to accept cookies, except it is a trusted site and you don't have any other place to get the information and the information is really needed by you) .

Many people make use of the Android device to log into their profile portfolios, wallet and other means they use in hosting their assets, but we often advise that when you're using a device for the storage of your bitcoin, it must not be the one that is connected to the internet, which means an open source wallet on an airgapped device is a good recommendation in this aspect, Android devices are fast means of malware carrier and most were often assic to the internet connectivity when we go online, click links or make downloads on our devices.
hero member
Activity: 644
Merit: 661
- Jay -
Chameleon is a popular name used by malwares and viruses, I could find some which date as far back as 2014 or earlier. This could be a new strain with no relations to previous versions or an updated version of an earlier one to make it spread through unlikely means like attachments in discord or compromised websites.

So just be careful downloading Coinspot, if you are using it, be sure you got it from reputable source.
Be careful when downloading any application. Ensure you get it from the official website and verify the PGP signature.

- Jay -
hero member
Activity: 2660
Merit: 551
Yes, some of this malware are dual purpose, they might start as a banking trojan in the beginning, and then evolved into a more sinister attack that includes cryptos - wallet supported and then our password on exchanges and private keys and mnemonic phrase.

And so the list is growing like every day, like the one that is being reported, it is new but has been spotted in the wild.

Again, we don't know to be a rocket scientist here, just don't download anything that we find in the web, not just android apps. And we should used our mind not to click to any links given to us thru emails and other methods.
sr. member
Activity: 700
Merit: 470
Hope Jeremiah 17vs7
So many Malware especially on Android devices, this is the reason we have to be careful on where we download applications, the type of applications we download and the site we visit (you don't always have to accept cookies, except it is a trusted site and you don't have any other place to get the information and the information is really needed by you) .
sr. member
Activity: 1372
Merit: 348
There are lots of new malware that were posted this year 2023, most of them are able to collect banking data so it is quite frightening how this malware is freely included on the apps we are downloading.  Aside from that, mobile phone security are often disregarded.

Published on March 28, 2023, the article[1] stated a new android botnet trojan being out to collect banking data

Quote
Staying safe online feels like it's more challenging by the passing day, with even reputable password managers falling prey to hackers. Bad actors who cannot be bothered to develop their own utilities from scratch can even use turnkey solutions like MaaS (malware as a service) to infect devices and distribute a custom, nefarious payload. Security researchers have discovered the resurgence of one such MaaS called Nexus, designed to capture banking information from your Android device using a trojan.

Cybersecurity firm Cleafy analyzed Nexus’s modus operandi using sample data from underground forums (via TechRadar). This botnet was first identified in June last year, and it lets its clients perform account takeover (ATO) attacks for a $3,000 monthly fee. Nexus makes inroads into your Android device disguised as a legitimate app packing a malicious trojan on shady third-party Android app stores. Once infected, the victim’s devices becomes a part of the botnet controlled by the hacker.

Just to get updated on these malwares, this link[2] has the list of android malwares and viruses and some tips to protect our devices.
Screenshot of the given list of malware apps





[1] https://www.androidpolice.com/android-botnet-trojan-steal-banking-data/
[2] https://www.malwarefox.com/android-virus-list/
hero member
Activity: 1414
Merit: 542
There is a new android malware in the wild and it's called Chameleon. As far as research goes, this is new, and not related to any malware or strain of it. And it hides behind a crypto currency app CoinSpot. And it's found to be using different kind of icons to trap users in downloading them.



And the way they are spread:

-   compromised websites,
-   Discord attachments,
-   and Bitbucket hosting services.

And it has this capabilities:

-    Keylogging
-    Overlay attack
-    SMS-harvesting
-    Preventing uninstallation
-    Cookie stealer
-    Lock grabber
-    Anti-emulation technique
-    Auto-uninstallation
-    Disabling Google Play Protect

So just be careful downloading Coinspot, if you are using it, be sure you got it from reputable source.

https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/
Jump to: