Infamous Chisel, a new malware, is attacking crypto wallets on Android devices, posing serious security concerns for crypto users. The malware was discovered to be extracting sensitive data via the Tor network.
While there is no confirmation, the malware is suspected to be the work of Sandworm, a Russian agency.
Infamous Chisel focuses on crypto-related apps like Brave Browser, Coinbase, and Binance on Android devices. It also scans the Android Keystore system to find private crypto keys. The malware doesn't limit itself to crypto-related data; it also extracts information from various other apps, broadening its range of collected data.
Aside from targeting crypto wallets and apps, the malware has features that allow it to collect additional data. Every two days, it runs a script that pings other devices and monitors HTTP ports. HTTP ports are the channels through which processes interact with servers over network connections.
Additionally, the malware pulls data from other widely used apps like WhatsApp, Mozilla Firefox, Telegram, and PayPal. It also gathers hardware information about the targeted Android device.
A joint report by multiple security agencies, including the US National Security Agency and the UK's National Cyber Security Centre, pointed out that while the malware is not highly sophisticated, it is still dangerous.
"The Infamous Chisel components are low to medium sophistication and appear to have been developed with little regard to defense evasion or concealment of malicious activity," noted the report.
Investigators are leaning towards the idea that Infamous Chisel may be a creation of Sandworm, a Russian military intelligence agency. The tool is believed to have been used previously for data extraction from