Kremlin-backed Sandworm strikes Android devices with data-stealing Infamous Chisel
2023-08-31 19:13

Russia's Sandworm crew is using an Android malware strain dubbed Infamous Chisel to remotely access Ukrainian soldiers' devices, monitor network traffic, access files, and steal sensitive information, according to a Five Eyes report published Thursday.

Ukraine's security agency spotted and blocked Sandworm's latest campaign earlier this month when the Kremlin-backed cyber goons were attempting to use Infamous Chisel to break into the army's combat data exchange system.

FlyGram extracts basic hardware details, some Telegram info, and sensitive data on the device, such as contacts, call logs, and Google account details.

In today's analysis of the Russian malware, the UK National Cyber Security Centre, the NSA, the US government's CISA, the FBI, New Zealand's National Cyber Security Centre, the Canadian Centre for Cyber Security, and Australian Signals Directorate confirmed Ukraine's reports of Sandworm's new mobile malware.

Infamous Chisel is a collection of components designed to snoop on the infected device and provide persistent backdoor access via the Tor network.

Ukraine and international law enforcement continue to fight back, and in April 2022 the US Justice Department revealed details of a court-authorized take-down of command-and-control infrastructure Sandworm used to communicate with network devices infected by its Cyclops Blink botnet.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/08/31/sandworm_infamous_chisel/

Related vendor

Vulnerability counts by severity, last 12 months:

VENDOR   #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Android  4           0    17      2     0         19