Skip to content

Hide Navigation Hide TOC

Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f)

Chameleon is an Android banking trojan that can leverage Android’s Accessibility Services to perform malicious activities. Believed to have been first active in January 2023, Chameleon has been observed targeting users in Australia and Poland by masquerading as official apps.(Citation: cyble_chameleon_0423)

Cluster A Galaxy A Cluster B Galaxy B Level
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Non-Standard Port - T1509 (948a447c-d783-4ba0-8516-a64140fcacd5) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) Attack Pattern 1
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2) Attack Pattern 1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) Attack Pattern 2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern 2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern 2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 2