A new malware strain called Infamous Chisel, which targets crypto wallets and other Android apps, has been discovered. The malware was first identified by the U.K.’s National Cyber Security Centre (NCSC) in a report published on September 1, 2023.
Infamous Chisel works by scanning various directories on infected mobile devices and exfiltrating data. The malware is known to extract data from at least three cryptocurrency wallets: Binance App, Coinbase Wallet, and Trust Wallet. It also extracts data from the Brave and Opera browsers, both of which have cryptocurrency features. In addition, the malware can target other apps, such as PayPal, Dropbox, Firefox, Telegram, Skype, WhatsApp, Discord, Viber, and Google Chrome. A total of 35 application directories, including certain Android system directories, are scanned.
The NCSC’s report did not explicitly state that any data stolen from those apps could allow attackers to steal cryptocurrency. However, it is possible that the information could be used to gain access to crypto accounts or to track users’ cryptocurrency transactions.
The latest report also notes that Infamous Chisel is associated with Sandworm, a state-sponsored hacker group that is part of Russia’s military intelligence service, GRU. Sandworm is known for carrying out a number of high-profile cyberattacks, including the NotPetya ransomware attack in 2017, which caused billions of dollars in damage.
The NCSC’s report does not state why Sandworm is using Infamous Chisel to target crypto wallets and other Android apps. However, it is possible that the group is trying to steal cryptocurrency or to gather intelligence on cryptocurrency users.
Various international cybersecurity groups have recognized the threat posed by Infamous Chisel, including those in the United States, the United Kingdom, New Zealand, Canada, and Australia. Users are advised to be vigilant and to take steps to protect their devices from malware attacks.
Here are some tips for protecting your Android device from malware:
- Only download apps from trusted sources, such as the Google Play Store.
- Keep your device’s software up to date.
- Use a strong password and enable two-factor authentication for your device and your cryptocurrency accounts.
- Be careful about what links you click on and what files you open.
- Install a security app on your device.