Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
2023-09-01 10:05

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military.

The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to "enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information."

Some aspects of the malware were uncovered by the Security Service of Ukraine earlier in August, highlighting unsuccessful attempts on the part of Russian adversaries to penetrate Ukrainian military networks and gather valuable intelligence.

Infamous Chisel is described as a collection of multiple components designed to enable remote access and exfiltrate information from Android phones.

"The searching of specific files and directory paths that relate to military applications and exfiltration of this data reinforces the intention to gain access to these networks. Although the components lack basic obfuscation or stealth techniques to disguise activity, the actor may have deemed this not necessary, since many Android devices do not have a host-based detection system."

The government agency said the threat actor, which has repeatedly targeted Ukraine since 2013, is ramping up attacks on military and government entities with the goal of harvesting sensitive data relating to its counteroffensive operations against Russian troops.


News URL

https://thehackernews.com/2023/09/russian-state-backed-infamous-chisel.html