New Russian malware, dubbed ‘Infamous Chisel,’ identified targeting Binance, Coinbase, and Trust wallets New Russian malware, dubbed ‘Infamous Chisel,’ identified targeting Binance, Coinbase, and Trust wallets
The U.K.'s National Cyber Security Centre (NCSC) announced the thread on September 1st, linking the threat to the Russian state-sanctioned hacker group, 'Sandworm,'
1 min read
Updated: Sep. 1, 2023 at 9:57 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Newly discovered malware dubbed “Infamous Chisel” targets crypto wallets and other Android apps, according to a U.K. government report on Sept. 1.
The U.K.’s National Cyber Security Centre (NCSC) said that the malware works by scanning various directories on infected mobile devices and exfiltrating data.
The malware is known to extract data from at least three cryptocurrency wallets: Binance App, Coinbase Wallet, and Trust Wallet. Infamous Chisel also extracts data from the Brave and Opera browsers, both of which have cryptocurrency features.
Because the malware is capable of extracting data in general, other apps are also targeted. PayPal, Dropbox, Firefox, Telegram, Skype, WhatsApp, Discord, Viber, and Google Chrome are among the other apps that are vulnerable to attack. A total of 35 application directories, including certain Android system directories, are scanned.
The National Cyber Security Centre’s report did not explicitly state that any data stolen from those apps could allow attackers to steal cryptocurrency, nor did it state whether Infamous Chisel has led to the theft of any cryptocurrency at all. It is possible that any information stolen does not provide attackers with full access to crypto accounts.
Russia’s Sandworm is behind the threat
The latest report notes that Infamous Chisel is associated with Sandworm, a state-sponsored hacker group that is part of Russia’s military intelligence service, GRU. The group is also known by other names including Telebots, Voodoo Bear, and Iron Viking. The group notably launched a high-profile ransomware attack against Ukraine in November 2022 and has carried out other earlier attacks as well.
Sandworm is currently using Infamous Chisel to steal information related to the Ukrainian military. The latest report does not describe any profit motives.
Various international cybersecurity groups have recognized the threat, including those in the U.S., the U.K., New Zealand, Canada, and Australia.
Author 
Mike Dalton
Before transitioning to crypto writing in 2018, Mike studied library and information sciences. Currently, he resides on Canada's West Coast.
Editor Editor 
Jacob Oliver
Jacob Oliver is a recovering academic and English teacher turned crypto journalist and web3 writer. He holds a Ph.D. from the University of Washington.
