FB pixel

Malware variant won’t compromise mobile biometrics, but it will neuter the code

Malware variant won’t compromise mobile biometrics, but it will neuter the code
 

Biometrics security on mobile devices is great unless it’s not turned on. Or if it gets turned off.

Researchers with a Dutch computer services firm have identified a variant of a known banking trojan that forces a device to switch from biometric authentication to PIN authentication. ThreatFabric says the malware can then unlock the device.

ThreatFabric says in a new report that the Android-specific Chameleon banking-focused trojan became a security problem in January. Chameleon is doing the most damage right now in Australia (where it specifically focuses on the nation’s tax office) and Poland.

It has been distributed on phishing pages doctored to look like legitimate apps. The new variant is distributed on the Zombinder platform on which criminals bind malware to Android apps.

The ability to sideline biometric security is new in the update. ThreatFabric’s report details how the hack works.

Biometric identifiers are untouched in this variant.

Nonetheless, the new Chameleon variant is not good news for the mobile biometric security market and raises the question, can biometric systems be created with their own defenses against being leapfrogged?

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Know your APAC digital ID regulations to take advantage of evolving market

One of the major trends in the digital identity landscape in 2024 has been the enactment of a series of…

 

Yoti facial age estimation helps Yubo build trust with users

Yubo, which bills itself as a “live social discovery platform,” has released a new case study showing how they have…

 

Ondato releases Age Verification Report as countries trend toward stricter regulations

Australia caused shockwaves when it approved a social media ban for under-16s a couple of weeks ago. The world-first law…

 

Denmark’s digital ID receives proximity check update

Denmark’s MitID digital identity system has received updates designed to boost the security of its app and prevent scammers from…

 

Nigeria tenders $83M digital identity system upgrade and MOSIP integration

Nigeria is planning to implement the MOSIP platform with its digital identity management system and upgrade its biometric capabilities with…

 

CyberArk IAM authentication FIDO2 certified

Identity cybersecurity company CyberArk has received FIDO2 certification for its access management product, confirming that it complies with the FIDO…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events