The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the UK National Cyber Security Centre (NCSC) have released a joint report cautioning users to remain vigilant against recently discovered malware that is being deployed to target crypto wallets and exchanges.
The advisory report unveiled a malware campaign conducted by Russian cyber actors against the Ukrainian military.
Russian State-Sponsored Malware
The report describes a new strain of malware that targets Android devices used by Ukrainian military personnel. This malware, known as Infamous Chisel, gives the attackers persistent access to compromised devices and is engineered to scan files, monitor network traffic, and periodically exfiltrate sensitive data from the infected handsets.
The malware has been linked to Sandworm, a cyberwarfare unit of the GRU, Russia's military intelligence agency.
The stolen data includes information from directories of Binance and Coinbase exchange applications, as well as the Trust Wallet app. The report also highlighted that all files within these listed directories are being exfiltrated indiscriminately, regardless of their file type.
CISA Executive Assistant Director for Cybersecurity Eric Goldstein said that the US government has been calling out Russian actors who have been involved in various malicious cyber activities aimed at US and allied partners for “cyber espionage and potential disruptive actions.” The official further stated,
“Today’s joint report reflects the value of deep collaboration across our international cyber defense partners, the need for all organizations to keep their Shields Up to detect and mitigate Russian cyber activity, and the importance of continued focus on maintaining operational resilience under all conditions.”
The report also found that the components of Infamous Chisel exhibit a low to medium level of sophistication and appear to have been created with minimal attention to evading detection or concealing malicious activity.
Even though the components lack basic obfuscation or stealth techniques to disguise activity, the actor might have found such measures unnecessary, given that many Android devices lack a host-based detection system, the report explained.
Russian Military Secures $20 Million in Crypto Funding
Fundraising groups in Russia have amassed $20 million in cryptocurrencies despite sanctions imposed by the US and other countries.
Over 80% of the funds associated with sanctioned pro-Russian entities were traced to centralized crypto exchanges, indicating that they were the most common venue for the assets. In addition to these centralized platforms, the entities also interacted with DeFi protocols, including cross-chain bridges, NFT services, and DEXes.