Cybersecurity experts have discovered a new strategy employed by the threat actors behind the Android banking trojan Chameleon: a fake app that poses as customer relationship management (CRM) software to target users in Canada.
Cybersecurity researchers have uncovered a new tactic used by the threat actors behind the Android banking trojan Chameleon, which targets Canadian users by masquerading as customer relationship management (CRM) software. “A Canadian restaurant chain that operates internationally was the target of Chameleon, which was observed posing as a CRM app,” according to a technical analysis released on Monday by ThreatFabric, a Dutch security company. The campaign, first seen in July 2024, targeted consumers in Canada and Europe, suggesting an expansion of its victimology reach beyond Australia, Italy, Poland, and the United Kingdom. The use of CRM-related themes by the malicious dropper apps that carry the malware suggests that business-to-consumer (B2C) workers and consumers in the hospitality industry are the intended targets.
Additionally, the dropper artifacts are designed to bypass Google’s Restricted Settings, which were introduced in Android 13 and later. Restricted Settings are meant to stop sideloaded apps from requesting dangerous permissions, such as accessibility services; the bypass tactic was previously used by SecuriDropper and Brokewell. After installation, the app presents a phony login page for a CRM tool, then displays a bogus error message asking the victim to reinstall it. In actuality, this step deploys the Chameleon payload.
After that, the fake CRM website is loaded once more, and users are asked to finish the login process. However, a separate error message then appears, claiming that the user’s account has not been activated and telling them to speak with the human resources division. With the ability to conduct on-device fraud (ODF) and fraudulently transfer user funds, Chameleon can also gather credentials, contact lists, SMS messages, and geolocation data by using overlays and a broad range of permissions. “If the attackers succeed in infecting a device with access to corporate banking, Chameleon gets access to business banking accounts and poses a significant risk to the organization,” ThreatFabric stated. “The most plausible explanation for the choice of the masquerade during this most recent incident is the higher chance of such access for workers whose positions entail CRM.”
This development comes weeks after IBM X-Force revealed the details of a banking malware campaign in Latin America carried out by the CyberCartel gang to steal financial information and credentials, as well as to distribute a trojan called Caiman through rogue Google Chrome extensions. “The ultimate objective of these malicious activities is to install a harmful browser plugin on the victim’s browser and use the man-in-the-browser technique,” the company stated. “Along with other pertinent data, such as hacked system information and on-demand screenshots, this enables the attackers to obtain vital banking information illegally. The threat actors share setups and updates over a Telegram channel.”