- Multiple intelligence agencies have warned about a new malware.
- The malware is synonymous with targeting Android-based devices.
- Users are urged to stay cautious as the malware hides in plain sight.
Multiple government and intelligence agencies, including the Federal Bureau of Investigations (FBI), have issued a joint report warning users of a new malware used by hackers to target crypto wallets.
Other intelligence bodies that have contributed to the report include the National Cyber Security Centre (NCSC) of the United Kingdom Government Communications Headquarters (GCHQ), the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA).
The Infamous Chisel Malware
According to the report, an emerging malware dubbed “Infamous Chisel” emanates from cyber hack activities tied to an actor within Russia’s GRU military intelligence, the Sandworm, and has been previously used to target mobile devices associated with Ukrainian military personnel.
“Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network and which periodically collates and exfiltrates victim information from compromised devices,” the report read.
As a non-conventional data extraction tool, the malware can be used to retrieve, copy, and transfer data sets connected to specific application directories on an infected device, including those related to Discord, Telegram, Trust Wallet, Brave, Coinbase, and Binance apps.
Masking in Plain Sight
While the report noted that the malware’s design is subpar in obfuscating malicious activities, Infamous Chisel presents a serious security threat, given that most Android mobile devices lack a host-based detection system to smoke it out following an intrusion.
Infamous Chisel has other capabilities, including network monitoring and traffic collection, scanning and SCP file transfer, and Secure Shell (SSH) access.
With digital assets appreciating value and adoption, cybercriminals have been devising new ways of overriding security protocols.
Blockchain security firm CertiK revealed on September 1 that the crypto industry has lost around $997 million to exploits, hacks, and scams in 2023.
Read how Ronaldinho distanced himself from a $61M crypto scam:
Learn about prevalent types of crypto scams that you should be wary of: