Researchers: an updated Chameleon trojan uses an HTML page trick to disrupt biometrics on Android like Face Unlock to steal PINs and unlock the device at will (Bill Toulas/BleepingComputer)