Notorious Chameleon malware, capable of hijacking devices, returns disguised as a customer relationship management (CRM) application
First discovered by Mobile Threat Intelligence analysts at Threat Fabric, the Chameleon Trojan targeted an international restaurant chain in Europe and Canada. This malware masquerades as a restaurant CRM application and targets hospitality and B2C businesses.
The Chameleon Trojan is capable of bypassing Android 13+ restrictions and installing a malicious payload on users’ devices. Once downloaded, the dropper displays a fake CRM login page asking for an employee ID. When the employee enters the ID, a message appears asking them to reinstall the app, when Chameleon is actually installed. A fake website is then loaded that asks for the employee’s credentials again, and the malware is already running in the background, collecting sensitive information using a keylogger.
This information can be used for further attacks or sold on underground forums. The Chameleon Trojan has already become a serious threat, targeting users in Australia and Poland, bypassing biometric security and stealing PINs and other data.
The release of a new version of the Chameleon malware is a serious threat to businesses, especially in the hospitality industry. Companies should be cautious and take steps to protect their devices and networks.
364 
375 
382 