Notorious Chameleon Android banking trojan has reemerged in the form of a malicious customer relationship management app to compromise a global Canadian restaurant chain, particularly its locations in Canada and Europe, according to Cybernews.
Attackers commenced the operation with the deployment of dropper that could evade protections in Android 13 and newer devices before displaying a fraudulent CRM login page requesting an employee ID, which when performed facilitates the installation of Chameleon, a report from Threat Fabric showed. With the appearance of another phony site seeking employee credentials, Chameleon could proceed with gathering of sensitive details, reported Threat Fabric researchers. "If the attackers succeed in infecting a device with access to corporate banking, Chameleon will gain access to business banking accounts and pose a significant risk to the organization. The increased likelihood of such access for employees whose roles involve CRM is the likely reason behind the choice of masquerading during this latest campaign," said researchers.
