The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the UK National Cyber Security Centre (NCSC) have jointly released an advisory report warning users to remain vigilant against newly discovered malware that is being used to target cryptocurrency wallets and exchange applications.
The advisory report revealed a malware campaign conducted by Russian cyber actors against the Ukrainian military.
Russian State-Sponsored Malware:
A new strain of malware, known as Infamous Chisel, targets Android devices used by Ukrainian military personnel. Once installed, it gives the operators unauthorized access to the compromised device; it is specifically engineered to scan files, monitor network traffic and periodically exfiltrate sensitive data from the infected phone.
The malware has been linked to the activities of Sandworm, a cyber warfare unit operating under the GRU, which is Russia's military intelligence agency.
The stolen data includes files from directories associated with the Binance and Coinbase exchange applications, as well as the Trust Wallet app. The report also notes that all files within these directories are exfiltrated indiscriminately, regardless of file type.
CISA Executive Assistant Director for Cybersecurity, Eric Goldstein, stated that the US government has been calling out Russian actors involved in various malicious cyber activities aimed at the US and its allied partners, including cyber espionage and potential disruptive actions. Goldstein further emphasized the importance of international collaboration in defending against Russian cyber activity and the need for organizations to maintain operational resilience under all conditions.
Additionally, the report found that the components of Infamous Chisel exhibit a low to medium level of sophistication and appear to have been created with minimal attention to evading detection or concealing malicious actions.
The report suggests that the actors may have considered basic obfuscation and stealth techniques unnecessary, given that many Android devices lack any host-based detection capability.
Russian Military Secures $20 Million in Crypto Funding:
Separately, fundraising groups in Russia have been found to have amassed $20 million in cryptocurrencies, despite sanctions imposed by the US and other countries.
More than 80% of the funds associated with sanctioned pro-Russian entities were traced to centralized cryptocurrency exchanges, making those exchanges the most common destination for these assets. In addition to centralized platforms, these entities also interacted with decentralized finance (DeFi) protocols, including cross-chain bridges, NFT services and decentralized exchanges (DEXes).