Print Friendly, PDF & Email

Chameleon Trojan

Facts for Prelims (FFP)


Source: IE


Context: A new version of the ‘Chameleon Trojan’ malware has been discovered by security researchers, capable of disabling biometric authentication methods such as fingerprint and face unlock to steal a phone’s PIN.

  • The malware attaches itself to legitimate Android apps like Google Chrome to evade detection, running code in the background.
  • It uses the Accessibility service to gain unauthorized access, showing an HTML page with instructions on enabling the service in newer Android versions.
  • Chameleon Trojan collects sensitive information, such as PINs and passwords, and tracks user app usage habits to launch attacks when the device is least likely to be in use.


To protect against this malware, users are advised to avoid unofficial app sources, refrain from enabling the Accessibility service for unknown apps, run regular security scans, and keep Google Play Protect enabled.