Several U.S. and U.K. intelligence agencies have released a joint advisory report warning users about a newly identified malware known as “Infamous Chisel,” specifically designed to target Android devices.

Malware Linked to Sandworm Group

The report reveals that the malware, Infamous Chisel, has been attributed to the Sandworm group, a cyberwarfare unit operating under Russia’s military intelligence agency, GRU. The group has been actively targeting Android devices, particularly those belonging to the Ukrainian military, using this malware to extract sensitive information from compromised mobile devices.

Directories where information were extracted by the malware. Source: National Cyber Security Centre

Crypto Wallets and Exchanges at Risk

Notably, the malware has been found to target data within the directories of popular cryptocurrency exchange applications such as Binance and Coinbase, as well as the Trust Wallet application. Infamous Chisel indiscriminately exfiltrates all files within the listed directories, regardless of their type or content.

One significant observation in the report is that the components of the Infamous Chisel malware lack adequate concealment techniques to hide its malicious activities. This may be attributed to the absence of host-based detection systems for Android devices, leaving them vulnerable to such attacks.

Escalating Crypto-Related Losses

The warning about Infamous Chisel comes amidst a backdrop of increasing crypto-related losses due to exploits, hacks, and scams. According to a recent report by blockchain security firm CertiK, nearly $1 billion has been lost in 2023 alone, with $45 million lost in August. While the losses remain substantial, they represent a decrease compared to the previous month when over $486 million in digital assets fell victim to malicious attacks.

As the crypto landscape faces evolving threats, vigilance and cybersecurity measures become paramount for users and organizations involved in the cryptocurrency space.