The Chameleon banking trojan was first identified while still in an early development phase and was first observed in the wild in early 2023. Its use of several loggers, its limited malicious functionality, and its clearly defined but unused commands pointed to clear potential for further development and impact.
This banking trojan demonstrated a distinctive ability to control a victim’s device and carry out actions on the victim’s behalf through a proxy feature. That feature enables Account Takeover (ATO) and Device Takeover (DTO) attacks, which mostly target bitcoin services and banking apps. These functions depended on abusing Accessibility Service privileges. The earlier variant of the Chameleon banking trojan also used a variety of distribution methods.