Russian Android Malware & Crypto Funding
State-Backed Russian Malicious Software
A fresh variant of malware has surfaced, targeting Android devices used by Ukrainian military personnel. This insidious malware, named Infamous Chisel, is designed to surreptitiously persist on compromised devices. Its specialized capabilities encompass file scanning, network traffic monitoring, and periodic extraction of sensitive information from the compromised handsets.
This malicious software has been attributed to the activities of Sandworm, a cyber warfare unit operating under the umbrella of the GRU, Russia's military intelligence agency.
The purloined data comprises files from the application directories of popular apps such as Binance, Coinbase, and Trust Wallet. Notably, the report underscores that all files within these directories are being indiscriminately siphoned, regardless of their file format.
Eric Goldstein, the Executive Assistant Director for Cybersecurity at CISA, emphasized that the U.S. government has consistently denounced Russian actors engaged in malevolent cyber endeavors directed at both the U.S. and its allied partners, driven by motives of cyber espionage and potential disruptive action. Goldstein further elaborated:
"The collaborative report released today underscores the immense value of extensive cooperation with our international allies in the realm of cyber defense. It underscores the imperative for all organizations to maintain vigilance, with their defenses at the ready, to detect and counter Russian cyber activities. Furthermore, it underscores the ongoing significance of focusing on sustaining operational resilience under all conceivable circumstances."
Additionally, the report uncovered that the constituent elements of Infamous Chisel exhibit a rather modest to moderate degree of sophistication, seemingly designed with minimal regard for evading detection or concealing nefarious operations.
Despite the absence of rudimentary obfuscation or stealth techniques to cloak their activities, the malevolent actors may have deemed such precautions superfluous, especially given that numerous Android devices lack an integrated host-based detection system, as elucidated in the report.
Russian Military Secures $20 Million in Cryptocurrency Financing
Russian fundraising groups have managed to amass an impressive $20 million in cryptocurrencies, despite facing sanctions imposed by the United States and other nations.
A staggering 80% of the funds associated with these sanctioned pro-Russian entities were traced back to centralized cryptocurrency exchanges, signifying the prevalent utilization of these platforms for managing assets. Beyond these centralized exchanges, these entities also engaged with decentralized finance (DeFi) protocols, including cross-chain bridges, NFT services, and decentralized exchanges (DEXes).