Skip Navigation

Technology @lemmy.world L4sBot @lemmy.world

1y ago

Chameleon Android malware can turn off fingerprint unlock to steal your pin

me.mashable.com Chameleon Android malware can turn off fingerprint unlock to steal your pin

Be careful out there.

Chameleon Android malware can turn off fingerprint unlock to steal your pin

Chameleon Android malware can turn off fingerprint unlock to steal your pin::Be careful out there.

17 comments

It still needs a gullible user to change their settings for this to work; not much to worry about here.
- And not from the play store or official bank site.
  
  If you install an APK from unreliable source you should treat your phone and account as corrupted.
  
  It's funny imagining people saying this for anything but a phone. "You can only download from the Microsoft store or you should consider your device corrupted." Take caution, but you don't need to rely on daddy Google alone.
  
  you need Google to tell you what safe and what's not? have you ever used a desktop operating system where you usually install programs from different sources?
  
  Lmao what? I have literally never found an APK I was looking for that did anything sketchy to my phone
  
  You mean like Play, which is where 99% of installed malware comes from?
Note that for this attack to work, you have to be on Android 11 or below (or possibly an earlier patch) as by default accessibility services aren't allowed to draw-over or interact with elements in the settings app unless you explicitly override it in developer options.

This extends to some other areas, like for when biometric/system lock APIs are used.
- So you have to enable the "draw over settings", which is pretty deep in settings (developer options).
  
  You kinda deserve it if you do this. Lol

17 comments