A joint advisory report from the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the UK’s National Cyber Security Centre (NCSC) has shed light on a new malware strain known as Infamous Chisel. This malware is specifically designed to target cryptocurrency wallets and exchange applications.
The malware has been linked to a hacking unit within Russia’s GRU military intelligence agency known as Sandworm.
According to the joint advisory report, Sandworm has previously targeted the Ukrainian military. Infamous Chisel is engineered to compromise Android devices, providing continuous access via the Tor network. Once installed, the malware periodically gathers and transmits data from the affected devices. The advisory report indicates that the malware is part of a broader campaign to target financial assets, including cryptocurrencies.
Malware targets major crypto apps and Android Keystore system
Infamous Chisel is not indiscriminate in its approach. It specifically searches for directories related to popular cryptocurrency applications such as Brave, Binance, Coinbase, and the Trust crypto wallet. Additionally, it targets communication platforms like Telegram and Discord. The malware also aims at the Android Keystore system, which is used for storing private keys. Every file in these targeted directories is extracted, posing a significant threat to the security of digital assets.
Despite its potentially devastating impact, the components used by Infamous Chisel are of low to medium sophistication and lack basic obfuscation or stealth techniques. This suggests that the actors behind the malware may not deem such concealment necessary, given that many Android devices lack a host-based detection system.
The advisory comes at a time when digital assets are becoming increasingly valuable, attracting the attention of cybercriminals. Last month, security researchers issued warnings about malware aimed at stealing Apple users’ crypto assets through fake blockchain games.
In addition, nearly $1 billion has been lost to scams, hacks, and exploits in 2023, Cryptopolitan reported.
The joint advisory serves as a critical reminder of the escalating threats in the crypto space and underscores the need for enhanced cybersecurity measures.