Skip to content

Hide Navigation Hide TOC

Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f)

Chameleon is an Android banking trojan that can leverage Android’s Accessibility Services to perform malicious activities. Believed to have been first active in January 2023, Chameleon has been observed targeting users in Australia and Poland by masquerading as official applications. A new variant of Chameleon has expanded its targets to include Android users in the United Kingdom and Italy.(Citation: cyble_chameleon_0423)(Citation: ThreatFabric_Chameleon_Dec2023)

Cluster A Galaxy A Cluster B Galaxy B Level
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Abuse Accessibility Features - T1453 (2204c371-6100-4ae0-82f3-25c07c29772a) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Native API - T1575 (52eff1c7-dd30-4121-b762-24ae6fa61bbb) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Non-Standard Port - T1509 (948a447c-d783-4ba0-8516-a64140fcacd5) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Scheduled Task/Job - T1603 (00290ac5-551e-44aa-bbd8-c4b913488a6d) Attack Pattern 1
Chameleon - S1083 (2cf00c5a-857d-4cb6-8f03-82f15bee0f6f) Malware Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern 1
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) Attack Pattern 2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) Attack Pattern Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 2