Another potent piece of malware has surfaced, this one aimed at Android users. Identified as “Infamous Chisel,” the malware currently targets Android devices used by the Ukrainian military. While the campaign presently appears to be directed at a single nation, it could evolve into a more widespread malware campaign.
CISA Warns Of New Infamous Chisel Android Malware
The US CISA has warned Android users to stay wary of the newly discovered Infamous Chisel malware through a recent alert.
Referring to a joint malware analysis report from the US agencies (CISA, NSA, and FBI), together with New Zealand’s National Cyber Security Centre (NCSC-NZ), the United Kingdom’s National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD), the alert highlighted the narrowly focused malware, attributed to the Russian threat actor group “Sandworm,” which targets the Ukrainian military.
Infamous Chisel operates over the Tor network, establishing a persistent connection to the compromised devices. Over that connection, the malware collects device information, such as the list of installed apps, looking in particular for apps specific to the Ukrainian military.
It also provides network monitoring capabilities and gives the threat actors SSH access to the device. In addition, it supports SCP file transfer, steals stored credentials, tracks the device’s location, collects files, and exfiltrates communication data.
To manage all these functionalities, Infamous Chisel includes various components that the malware analysis report describes.
Although the malware has serious malicious capabilities, the researchers found that it lacks obfuscation, which means its activity can be detected with relatively little effort. According to the report, however, the attackers may have deliberately neglected this aspect because Android devices often lack host-based detection systems.
It currently remains unclear how the malware manages to reach the target devices.
Presently, Infamous Chisel specifically targets the Ukrainian military, indicating its potential use as another weapon in the ongoing Ukraine-Russia conflict. However, its targeting could expand at any time to include victims in other regions. Therefore, all Android users should remain careful when interacting with unsolicited links or apps from unknown sources to avoid such threats.