In a coordinated effort, multiple intelligence agencies from the United States and the United Kingdom have jointly issued an advisory report, sounding the alarm regarding a recently uncovered malware strain named “Infamous Chisel,” meticulously crafted to target Android devices. This report serves as a crucial notification to the cryptocurrency community, illuminating the emergence of this cybersecurity menace.
Collaborating in this initiative, the U.S. National Security Agency (NSA), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), has partnered with the United Kingdom’s National Cyber Security Centre (NCSC), which operates under the umbrella of the Government Communications Headquarters (GCHQ). Together, they have released this collective report addressing the “Infamous Chisel” malware.
As per the report, this malware has been linked to the activities of Sandworm, a cyberwarfare unit operating under GRU, Russia’s military intelligence agency. The report further reveals that Sandworm has set its sights on Android devices used by the Ukrainian military, using this new malware to extract sensitive information from compromised mobile devices. Notably, the malware targets directories within well-known cryptocurrency applications, including Binance, Coinbase, and Trust Wallet. It does not discriminate based on file type: it exfiltrates every file within the specified directories.
Furthermore, the report highlights a noteworthy trait of the “Infamous Chisel” malware: its absence of advanced stealth techniques to mask its malicious activities. The collaborating agencies posit that this lack of sophisticated concealment mechanisms could be attributed to the limited availability of host-based detection systems for Android devices, which the malware seems to exploit.
Simultaneously, the cryptocurrency community has witnessed significant financial losses in 2023 due to a plethora of exploits, hacks, and scams. Blockchain security firm CertiK has reported losses nearing $997 million year-to-date as of September 1, 2023. For August alone, these losses reached approximately $45 million due to malicious attacks. However, it is worth noting that these figures represent a substantial reduction compared to the preceding month, July, which saw losses surpassing $486 million in digital assets due to malicious activities.
This collaborative report serves as a poignant reminder of the ever-evolving cybersecurity landscape. It underscores the imperative need for all users, especially those immersed in the cryptocurrency domain, to maintain unwavering vigilance and implement robust security measures to safeguard their digital assets.
Disclaimer: This article is based on information available as of August 31, 2023. It is intended solely for informational purposes and should not be construed as providing cybersecurity, legal, or financial advice. Readers are encouraged to adopt appropriate security precautions and seek guidance from cybersecurity experts to bolster their online security.