According to a joint advisory report presented by the Federal Bureau of Investigation (FBI) and the National Cyber Security Centre (NCSC), a newly identified Russian malware under the name “Infamous Chisel” chiefly used to attack Ukraine army’s Android mobile phones, also targets crypto wallets and exchange applications.
As per the report, the malware was used by Sandworm, a hacking unit in Russia’s GRU military intelligence agency, to scan and extract confidential information from the Ukrainian military officers’ mobile phones. NCSC operations director Paul Chichester commented, “The exposure of this malicious campaign against Ukrainian military targets illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace”.
The report revealed that as the extraction of details from the affected device includes unauthorized copying, transfer, or retrieval of data, Infamous Chisel could target Binance and Coinbase applications, the Trust crypto wallet, the web3 browser Brave, as well as the social media platforms including Discord and Telegram. In addition, the report signaled that the malware also targets the Keystore system that helps users store private keys, by which Infamous Chisel could access every file.
The Infamous Chisel was created with “little regard for the concealment of the malicious activity”. However, the components’ low to medium sophistication does not hinder the malware’s attack on devices, as the report cited,
Although the components lack basic obfuscation or stealth techniques to disguise activity, the actor may have deemed this not necessary, since many Android devices do not have a host-based detection system.
Meanwhile, CertiK Alert, a leading platform that identifies crypto scams and exploits, shared a Twitter thread, providing insights on the increasing crypto scams that the market witnesses. According to the revelations, the month of August alone saw a total loss of $45.8 million due to crypto attacks, in which a massive $26 million is linked to exit scams. In addition, the losses caused by flash loans and exploits accounted for $6.4 million and $13.5 million respectively.
