A recent covert campaign has targeted hospitality employees in Canada and Europe, with a particular focus on a globally operating Canadian restaurant chain. The culprit? A banking malware known as Chameleon, which was first identified in December 2022.
This malware masquerades as a customer relationship management (CRM) application, a tool commonly used in the hospitality industry for streamlining tasks, enhancing communication, and analyzing data. The cybersecurity firm ThreatFabric, which disclosed the attack in a Monday report, has not named the specific CRM app impersonated by the attackers.
The campaign’s reach is not limited to the hospitality sector; it also poses a threat to employees of direct-to-customer retailers across Canada and Europe. The malware’s primary goal is to infiltrate devices with access to corporate banking, thereby enabling the attackers to target business banking accounts.
The modus operandi of Chameleon involves a dropper that can evade security measures on Android devices, particularly those running version 13 or higher. The malware presents itself through a fake CRM login page, prompting users to enter their employee ID. A subsequent message urges the user to reinstall the application, which is when Chameleon makes its move, infecting the device.
Once installed, the malware directs victims to a fraudulent website that solicits employee credentials. Operating stealthily in the background, Chameleon employs keylogging to harvest credentials and other sensitive data. This information can then be weaponized for additional cyberattacks or sold in the dark corners of the internet.
The ThreatFabric report also highlights recent instances where Chameleon has impersonated security applications, convincing users to install a security certificate purportedly issued by a bank. This tactic has been observed in attacks on financial institution customers and has previously targeted various entities in Australia, Italy, Poland, and the United Kingdom.
