In the age of digital currencies, threats continually evolve. The latest reports indicate harmful software of Russian origin that jeopardizes users’ cryptocurrency wallets.
The international community faces another cyber challenge: malware called “Infamous Chisel”. It is a tool designed to attack Android devices, targeting crypto wallets and cryptocurrency exchange apps.
A report jointly issued by the US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) advises particular caution against this newly discovered software.
What is particularly alarming is the discovery of a malware campaign conducted by Russian cyber actors against the Ukrainian military. The new malware strain is designed to attack Android devices used by the Ukrainian armed forces. “Infamous Chisel” allows unauthorized access to infected devices and is specifically designed to scan files, monitor network traffic, and periodically extract sensitive data from compromised mobile devices.
This malware has been linked to the operations of Sandworm, a cyber warfare unit operating under the aegis of the GRU, the Russian military intelligence agency. Stolen data includes the contents of the Binance and Coinbase exchange app directories and of the Trust Wallet app directory. The report also emphasizes that all files in these directories are stolen, regardless of their type.
A statement by Eric Goldstein, Executive Director for Cybersecurity at CISA, underscores that the US government has repeatedly pointed out Russian hackers involved in various malicious cyber activities aimed against the US and its allies.
The report also notes that “Infamous Chisel” components show a medium level of sophistication and appear to have been created without much concern for evasion or for concealing malicious actions.
The “Infamous Chisel” software does not show advanced obfuscation technology, but its creators might not have felt the need for such measures, considering that many Android devices lack advanced detection systems.
But that’s not the end of the story. Russian fundraising groups, despite sanctions, have acquired 20 million dollars in cryptocurrencies. Surprisingly, most of these funds were identified on major cryptocurrency exchanges, suggesting that these platforms remain the primary arena for such transactions. Additionally, DeFi protocols, cross-chain bridges, and NFT and DEX services were also involved.