Closed sergeykomlach closed 8 months ago
Chameleon's "biometric bypass" related to the device unlock screen - AccessibilityService emulates "swipe to up" action and open PIN/password unlock UI. I don't see any danger signals for regular BiometricPrompt and this library too.
Anyway, Frida/Substrate/Other hooking detection improved + some "naive" AccessibilityService checks added to prevent from PIN screen opening
New version of Chameleon malware able to bypass BiometricPrompt and open PIN screen instead use A11y service (https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action)
The library already has simple anti-Frida bypass protection, so need to extend the old one and also investigate Chameleon flow and prepare protection, if possible