This Android malware turns off fingerprint unlock to steal your pin

Sure, your fingerprint is one of a kind, but it might not keep your personal information safe any longer. That's because a new version of the Chameleon Android malware reportedly allows bad actors to bypass your fingerprint feature to steal your PIN.

According to researchers with ThreatFabric, the malware effectively tricks people into turning on accessibility services, which then allows attackers to change the phone from a biometric to a PIN lock. It does this, according to Bleeping Computer, by posing as legitimate Android apps and then displaying an HTML page that asks potential victims to turn on accessibility settings. This allows attackers to bypass protections, including fingerprint unlock. Then, when a victim uses the PIN to log-in instead of a fingerprint, the attackers are able to steal that PIN or any password.

People should be careful to make sure if they use an app, especially a banking app, that it is legitimate.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"These enhancements elevate the sophistication and adaptability of the new Chameleon variant, making it a more potent threat in the ever-evolving landscape of mobile banking trojans," ThreatFabric said.

Bleeping Computer noticed the primary distribution method for the malware was Android package files (APKs) from unofficial sources.

---

Related Stories

---

• The best malware protection software to guard you from online threats
• 'Gay furry hackers' breach nuclear lab, demand it create catgirls
• Your mental health internet search may lead to malware
• That tax form could be malware in disguise. Here's how to tell.
• How to keep your bitcoin safe from hackers with Trezor Safe 3

So be careful out there. Even your unique fingerprint might not be enough to protect you.