FBI, GCHQ joint report warns of crypto-targeting Infamous Chisel malware

Quick Take

  • A joint advisory from the FBI, NSA, CISA and the UK's NCSC (part of GCHQ) warns that the Russian Infamous Chisel malware targets crypto wallet and exchange apps, among other data.
  • The malware is built to collect and exfiltrate data, including wallet and exchange app files, from compromised Android devices.

A joint advisory revealed that the Russian Infamous Chisel malware is being used to target cryptocurrency wallet and exchange applications, among other data.

The report was a combined effort of the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), the National Cyber Security Centre (NCSC), a part of the UK’s GCHQ, and others.

The malware is associated with activity linked to a hacking unit within Russia's GRU military intelligence agency known as Sandworm, which has been targeting the Ukrainian military, according to the report. It is designed to give the operators persistent access to a compromised Android device over the Tor network and to periodically collect and exfiltrate victim data from it.

As part of its data collection, the malware searches a device for specific application directories, including those of the Brave browser, the Binance and Coinbase exchange apps, the Trust crypto wallet and the messaging platforms Telegram and Discord, and exfiltrates every file it finds in them. It also targets the directory of the Android Keystore system, which apps use to store private keys. One caveat for anyone assessing the impact: keys held in hardware-backed keystore storage cannot be exported in plaintext, so collected keystore files are not automatically usable off the device, whereas ordinary app data files carry no such protection.
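The collection behaviour described above lends itself to a simple hunting rule: on Android, an app's private data directory is normally read only by that app, so a read of a wallet, exchange or messaging app's directory, or of the Keystore directory, by any other process is anomalous. The script below is an added example, not code from The Block or from the joint advisory. The log format, the package names (check them with `pm list packages` on a real device), the legitimate Keystore readers and the sample log lines are all assumptions constructed for illustration.

```python
"""Added example: hunt file-open events for cross-app reads of the app data
directories and Keystore directory named in the advisory. The event format,
package names and sample log are constructed assumptions, not from the article."""
import re

# Assumed package names for the apps named in the advisory (verify on device).
MONITORED_PACKAGES = {
    "com.brave.browser": "Brave",
    "com.binance.dev": "Binance",
    "com.coinbase.android": "Coinbase",
    "com.wallet.crypto.trustapp": "Trust Wallet",
    "org.telegram.messenger": "Telegram",
    "com.discord": "Discord",
}

# Keystore blob directory; only the keystore daemon should touch it directly.
KEYSTORE_DIR = "/data/misc/keystore"
KEYSTORE_READERS = {"keystore", "keystore2"}  # assumption: legitimate readers

# Assumed event format: "pid=<n> proc=<process name> path=<file opened>"
EVENT_RE = re.compile(r"pid=(?P<pid>\d+)\s+proc=(?P<proc>\S+)\s+path=(?P<path>\S+)")


def parse_events(log_text):
    """Parse file-open log lines into dicts; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events.append({"pid": int(m["pid"]), "proc": m["proc"], "path": m["path"]})
    return events


def owning_package(path):
    """Return the package whose private data directory contains `path`, else None."""
    for prefix in ("/data/data/", "/data/user/0/"):
        if path.startswith(prefix):
            return path[len(prefix):].split("/", 1)[0] or None
    return None


def classify(event):
    """Return a finding for a cross-app read of monitored data, else None."""
    path = event["path"]
    if path == KEYSTORE_DIR or path.startswith(KEYSTORE_DIR + "/"):
        if event["proc"] not in KEYSTORE_READERS:
            return {"target": "Android Keystore", "reader": event["proc"], "path": path}
        return None
    pkg = owning_package(path)
    if pkg in MONITORED_PACKAGES and event["proc"] != pkg:
        return {"target": MONITORED_PACKAGES[pkg], "reader": event["proc"], "path": path}
    return None


def hunt(log_text):
    """All findings from a log, in the order the events appear."""
    return [f for f in map(classify, parse_events(log_text)) if f]


# Constructed sample: a benign self-read, three reads by an unrelated daemon,
# a legitimate Keystore read, and a read by an app that is not monitored.
SAMPLE_LOG = """\
pid=2310 proc=org.telegram.messenger path=/data/data/org.telegram.messenger/files/cache4.db
pid=811  proc=rogue_daemon path=/data/data/com.wallet.crypto.trustapp/shared_prefs/wallets.xml
pid=811  proc=rogue_daemon path=/data/user/0/com.binance.dev/databases/app.db
pid=811  proc=rogue_daemon path=/data/misc/keystore/user_0/10234_USRPKEY_wallet
pid=1990 proc=keystore2 path=/data/misc/keystore/user_0/10234_USRPKEY_wallet
pid=3050 proc=com.android.chrome path=/data/data/com.android.chrome/app_chrome/Default/Cookies
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f['target']:<16} read by {f['reader']}: {f['path']}")
```

Run against the sample log it reports the three reads by `rogue_daemon` and stays quiet on the self-reads and on the Keystore daemon. The rule is deliberately narrow: it keys on who reads the directory, not on any signature of the malware, so it also catches a different collector that goes after the same data.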

Hiding in plain sight

The components used by Infamous Chisel are of low to medium sophistication, developed with little regard for the concealment of the malicious activity, according to the report. “Although the components lack basic obfuscation or stealth techniques to disguise activity, the actor may have deemed this not necessary, since many Android devices do not have a host-based detection system,” the agencies said.

However, “even with the lack of concealment functions, these components present a serious threat because of the impact of the information they can collect,” they added.

With digital assets becoming increasingly valuable, attackers continue to devise new ways to reach them. Last month, for example, security researchers warned of malware aimed at stealing Apple users' crypto assets via fake blockchain games.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

James Hunt is a reporter at The Block, based in the UK. As the writer behind The Daily newsletter, James also keeps you up to speed on the latest crypto news every weekday. Prior to joining The Block in 2022, James spent four years as a freelance writer in the industry, contributing to both publications and crypto project content. James’ coverage spans everything from Bitcoin and Ethereum to Layer 2 scaling solutions, avant-garde DeFi protocols, evolving DAO governance structures, trending NFTs and memecoins, regulatory landscapes, crypto company deals and the latest market updates. You can get in touch with James on Telegram or X via @humanjets or email him at [email protected].

Editor

To contact the editor of this story:
Tim Copeland at
[email protected]