Infamous Chisel malware, linked to Russia’s Sandworm agency, targets Android crypto users, extracting sensitive data from apps and emphasizing the need for better security.
- Infamous Chisel, a new malware, targets Android devices via crypto-related apps and extracts sensitive data, including private keys, from various sources.
- This malware also collects additional data, monitors network connections, and gathers information from popular apps, posing a security risk.
- Suspected to be linked to the Russian agency Sandworm, Infamous Chisel is considered a dangerous threat despite its low to medium sophistication.
- While no specific crypto theft reports are available, this discovery highlights the importance of strong security measures and hardware wallets for cryptocurrency users.
Infamous Chisel, a recently discovered malware, is causing concerns among cryptocurrency users as it targets Android devices and extracts sensitive data through the Tor network.
The source of this malware is suspected to be Sandworm, a Russian agency known for its cyber attacks.
With U.S. & international partners, we released a report on Infamous Chisel mobile malware being used by Sandworm, Russian GTsST cyber threat actor, to target Ukrainian military’s Android devices to monitor traffic or steal sensitive info: https://t.co/isYggbSTre pic.twitter.com/nOvLSeJhlc
— Cybersecurity and Infrastructure Security Agency (@CISAgov) August 31, 2023
The Functioning of Infamous Chisel
Infamous Chisel focuses on crypto-related apps such as Brave Browser, Coinbase, and Binance on Android devices.
It also scans the Android Keystore system in search of private crypto keys. It does not stop at crypto-related data, however: it also collects information from various other apps, widening the range of exfiltrated data.
The malware also has components for gathering additional data. Every two days it runs a script that scans for open HTTP ports and pings other devices on the network.
A port is the endpoint through which a process exchanges data with a server over a network connection, so an open-port scan reveals which services are reachable from the infected device.
Additionally, the malware retrieves data from popular apps like WhatsApp, Mozilla Firefox, Telegram, and PayPal. It also gathers hardware information from the targeted Android device.
A joint report by several security agencies, including the US National Security Agency and the UK’s National Cyber Security Centre, suggests that while Infamous Chisel may not be highly sophisticated, it remains a dangerous threat.
The report indicates that its components have low to medium sophistication and were developed with little consideration for evasion or concealment of malicious activity.
Investigators believe that Infamous Chisel may be the creation of Sandworm, a Russian military intelligence agency.
There is evidence to suggest that this tool has previously been employed to extract data from devices owned by the Ukrainian military.
Although no specific reports of crypto theft resulting from Infamous Chisel have surfaced, the presence of such malware raises concerns about the need for robust security measures in cryptocurrency transactions.
The discovery of Infamous Chisel further highlights the significance of key management and the use of hardware wallets for storing crypto keys.
Hardware wallets store the necessary keys separately from the user’s computer, adding an extra layer of protection against malware attacks.
In conclusion, Android users, particularly those involved in cryptocurrency, must remain vigilant regarding their security measures.
Infamous Chisel, although not highly advanced, has the capability to collect a wide range of data, making it a genuine threat that requires attention and appropriate precautions.