FBI and GCHQ issue joint advisory on Russian malware targeting crypto wallets

FBI and GCHQ Issue Joint Advisory on Russian Malware Targeting Crypto Wallets

Most read

Loading Most Ready posts..


  • A joint advisory from the FBI, NSA, CISA, and the UK’s NCSC has warned about a new malware called Infamous Chisel, linked to Russia’s GRU military intelligence agency, that targets cryptocurrency wallets and exchange apps on Android devices.
  • The malware specifically seeks out directories related to popular crypto applications like Brave, Binance, Coinbase, and the Trust crypto wallet, as well as communication platforms Telegram and Discord. It also targets the Android Keystore system for storing private keys.
  • Despite its low to medium sophistication and lack of stealth techniques, the malware poses a significant threat to digital assets, especially as it comes at a time when cybercriminals are increasingly targeting valuable digital assets, including cryptocurrencies.

A joint advisory report from the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the UK’s National Cyber Security Centre (NCSC) has shed light on a new malware strain known as Infamous Chisel. This malware is specifically designed to target cryptocurrency wallets and exchange applications.

The malware has been linked to a hacking unit within Russia’s GRU military intelligence agency known as Sandworm. 

According to the joint advisory report, Sandworm has previously targeted the Ukrainian military. Infamous Chisel is engineered to compromise Android devices, providing continuous access via the Tor network. Once installed, the malware periodically gathers and transmits data from the affected devices. The advisory report indicates that the malware is part of a broader campaign to target financial assets, including cryptocurrencies.

Malware targets major crypto apps and Android Keystore system

Infamous Chisel is not indiscriminate in its approach. It specifically searches for directories related to popular cryptocurrency applications such as Brave, Binance, Coinbase, and the Trust crypto wallet. Additionally, it targets communication platforms like Telegram and Discord. The malware also aims at the Android Keystore system, which is used for storing private keys. Every file in these targeted directories is extracted, posing a significant threat to the security of digital assets.

Despite its potentially devastating impact, the components used by Infamous Chisel are of low to medium sophistication and lack basic obfuscation or stealth techniques. This suggests that the actors behind the malware may not deem such concealment necessary, given that many Android devices lack a host-based detection system. 

The advisory comes at a time when digital assets are becoming increasingly valuable, attracting the attention of cybercriminals. Last month, security researchers issued warnings about malware aimed at stealing Apple users’ crypto assets through fake blockchain games.

In addition, nearly $1 billion has been lost to scams, hacks, and exploits in 2023, Cryptopolitan reported.

The joint advisory serves as a critical reminder of the escalating threats in the crypto space and underscores the need for enhanced cybersecurity measures.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.

Stay on top of crypto news, get daily updates in your inbox

Related News

Subscribe to CryptoPolitan