Russian Malware Aims at Cryptocurrency Wallets: Joint Alert Issued by US and UK Intelligence Agencies

The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the UK National Cyber Security Centre (NCSC) have published a collaborative report warning users to stay alert against newly identified malware that is being utilized to target cryptocurrency wallets and exchanges.

The advisory report revealed a malware operation carried out by Russian cyber actors aimed at the Ukrainian military.

Russian State-Sponsored Malware

A novel variant of malware has been developed to target Android devices utilized by Ukrainian military personnel. This malware, referred to as Infamous Chisel, enables unauthorized access to compromised devices and is specifically designed to scan files, observe network traffic, and periodically extract sensitive information from infiltrated mobile devices.

The malware has been associated with the activities of Sandworm, a cyberwarfare unit operating under the GRU, which is part of Russia’s military intelligence agency.

The compromised data includes information from directories of Binance and Coinbase exchange applications, as well as the Trust Wallet app. The report also noted that all files within these specified directories are being exfiltrated indiscriminately, irrespective of their file type.

CISA Executive Assistant Director for Cybersecurity Eric Goldstein stated that the US government has been highlighting the actions of Russian actors involved in various harmful cyber activities targeting the US and allied partners for “cyber espionage and potential disruptive actions.” The official further remarked,

“Today’s joint report reflects the value of deep collaboration across our international cyber defense partners, the need for all organizations to keep their Shields Up to detect and mitigate Russian cyber activity, and the importance of continued focus on maintaining operational resilience under all conditions.”

Additionally, the report found that the components of Infamous Chisel demonstrate a low to medium level of sophistication and appear to have been developed with minimal focus on evading detection or hiding malicious actions.

Although the components lack fundamental obfuscation or stealth techniques to mask activity, the actor may have deemed such measures unnecessary, considering that many Android devices do not possess a host-based detection system, the report clarified.

Russian Military Secures $20 Million in Crypto Funding

Fundraising groups in Russia have accumulated $20 million in cryptocurrencies despite sanctions imposed by the US and other nations.

More than 80% of the funds linked to sanctioned pro-Russian entities were traced back to centralized crypto exchanges, indicating that these platforms were the most prevalent venue for the assets. In addition to these centralized exchanges, the entities also engaged with DeFi protocols, including cross-chain bridges, NFT services, and decentralized exchanges (DEXes).

SPECIAL OFFER (Sponsored) Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.