
Topic: [WARNING] Infamous Chisel (malware) steals crypto wallets data! (Read 169 times)

hero member
Activity: 714
Merit: 1298
Well, another reason to avoid mobile crypto wallets. Crypto traders rush to buy Apple smartphones. :) After all, they were not struck by this infection, right?

Modern laptops (netbooks) are compact in size, which allows one to work with cryptocurrencies almost anywhere in the world and to build a safe line of defense on the device. Why use mobile phones to interact with cryptocurrencies when doing so is risky? I also think it's reckless.



Apple devices are also vulnerable and should not be considered a secure stronghold of cryptocurrency safety. Just a couple of days ago, security experts found multiple vulnerabilities in Apple products that allow unauthorized penetration into devices and execution of arbitrary code.

Regarding Android devices, the list of the latest vulnerabilities found is revealed by Google in its September security bulletin.
mk4
legendary
Activity: 2716
Merit: 3817
🪸 NotYourKeys.org 🪸
Well, another reason to avoid mobile crypto wallets. Crypto traders rush to buy Apple smartphones. :) After all, they were not struck by this infection, right?

Modern laptops (netbooks) are compact in size, which allows one to work with cryptocurrencies almost anywhere in the world and to build a safe line of defense on the device. Why use mobile phones to interact with cryptocurrencies when doing so is risky? I also think it's reckless.




Simply because of convenience. Mobile wallets aren't necessarily bad despite the risks in the first place. Like, why use your physical pocket wallet knowing that you can risk losing it? Exactly, you use your mobile wallet for smaller amounts of funds so it's easily accessible when on-the-go; if you're fortunate enough to be in a country with bitcoin/crypto-supported payments.
legendary
Activity: 1792
Merit: 1296
keep walking, Johnnie
Well, another reason to avoid mobile crypto wallets. Crypto traders rush to buy Apple smartphones. :) After all, they were not struck by this infection, right?

Modern laptops (netbooks) are compact in size, which allows one to work with cryptocurrencies almost anywhere in the world and to build a safe line of defense on the device. Why use mobile phones to interact with cryptocurrencies when doing so is risky? I also think it's reckless.

legendary
Activity: 2170
Merit: 1789
and you need root privileges to access electrum files.
Not sure how root access is being processed if your device is infected with malware. Regardless of whether it is possible or not, using a secure device should be the priority for most users.

Are you sure the open source wallet like Unstoppable on my Android phone is not affected and is safe? Also, a wallet like Unstoppable does not have a desktop version, so the only option is to use it on an Android or iOS device. So what are the tips for using them?

Also, for this malware to get activated, you need to click on any suspicious link and it gets downloaded? Anyone using the phone with care, not clicking unknown links, may be safe from this attack?
The best protection is to use a secure device as mentioned above. Whether the malware will target new open-source wallets or not, you should be able to prevent any hack if you don't click on malicious links. For this specific malware, the distribution method is quite unclear based on the news that I've read. Safe to assume it is distributed through similar means like fake app downloads, phishing links, etc. If you use a phone as your main device, then you should focus more on improving your security practices. At the end of the day, you should make sure your device is free from malware etc. regardless of whether you use a crypto wallet or not.
hero member
Activity: 2226
Merit: 834
the stolen data also includes information about crypto wallets and exchange accounts. affected are said to be: Binance, Coinbase, PayPal and Trust Wallet.

I am not too worried about the exchange apps because no one can log in until it is authenticated by the 2FA, and the same goes for withdrawals (also, I do not keep much funds in the exchanges), but my real concern is other wallets like Trust Wallet. Are you sure the open source wallet like Unstoppable on my Android phone is not affected and is safe? Also, a wallet like Unstoppable does not have a desktop version, so the only option is to use it on an Android or iOS device. So what are the tips for using them?

Also, for this malware to get activated, you need to click on any suspicious link and it gets downloaded? Anyone using the phone with care, not clicking unknown links, may be safe from this attack?
sr. member
Activity: 406
Merit: 443

Is it possible that the attacker rewrote the code to specifically target Electrum devices, or just expand their attack targets in general? Even if that is not possible, it is still unsafe to keep running your Electrum on an infected device. Who knows what kind of malware it will download in the future, not to mention they still collect data about you regardless of what wallet you use.
It's all possible, but Binance, Coinbase, PayPal and Trust Wallet don't care about customer privacy, and I think they will exploit such attacks as evidence: if users' data is leaked, they can easily say that the reason is Infamous Chisel (malware), just as they do with third-party applications that share data with them. And you need root privileges to access Electrum files.
legendary
Activity: 2170
Merit: 1789
According to the report, information written to the various files in /data/local is affected; this means that Electrum is not affected.
Is it possible that the attacker rewrote the code to specifically target Electrum devices, or just expand their attack targets in general? Even if that is not possible, it is still unsafe to keep running your Electrum on an infected device. Who knows what kind of malware it will download in the future, not to mention they still collect data about you regardless of what wallet you use.
sr. member
Activity: 406
Merit: 443
The report is 35 pages long, so I only read part of it, but do these applications need malware to steal your data? Binance, Coinbase, PayPal and Trust Wallet. They are all closed source services, and no one knows the data they collect about you, and the report did not mention an open source wallet.

IC allows access to infected devices, whose message traffic it monitors and siphons off data at regular intervals. the stolen data also includes information about crypto wallets and exchange accounts. affected are said to be: Binance, Coinbase, PayPal and Trust Wallet.

If we assume that there are open source wallets, Android operating system contains features to enhance privacy, although it is better to run a full node on any Linux OS.
According to the report, information written to the various files in /data/local is affected; this means that Electrum is not affected.


Code:
• com.brave.browser
• com.opera.browser
• com.paypal.android.p2pmobile
• com.binance.dev
• com.coinbase.android
• com.wallet.crypto.trustapp
• org.mozilla.firefox
• com.whatsapp
• org.telegram.messenger
• org.telegram.messenger.web
• com.discord
legendary
Activity: 2170
Merit: 1789
As I can see this article it seems there are too many ways you might be affected.
At the very least, one group distributes this malware using a debugging tool[1], probably by packaging it through some debugging tool for those who are interested in Android debugging. It is also possible that it is spread through the Google Play Store as usual, since they are terrible at filtering malware apps. Just recently, fake Telegram and Signal apps were removed because they contain malware[2]. CMIIW.

[1] https://www.theregister.com/2023/08/31/sandworm_infamous_chisel/
[2] https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
legendary
Activity: 2366
Merit: 1206
Thanks for the heads up.

We shouldn't use apps from unknown sources and this proves that using mobile isn't safe at all when it comes to the crypto wallet or any valuable stuff, it's always prone to malware infection since we usually use our phones daily.

So this could be sent through links right?
As I can see this article it seems there are too many ways you might be affected.
legendary
Activity: 1162
Merit: 2025
This attack is only for mobile phone users who have their exchange app on their phones and use it. This shows that most crypto users use mobile phones to access exchanges more than PCs. We need to be very careful, especially those of us who prefer using mobile phones for our transactions, since we are the target. It is very bad that scammers are looking for every means to steal from investors, causing panic among people. It is better to stay away from links that we are not expecting and avoid clicking on them.

To be fair, exchanges like Binance have been trying to catch up with the sophistication of these malware attacks, so only the actual owner of the account is able to withdraw Bitcoin to a personal address. For example, there is 2-factor authentication with physical tokens (which the attacker won't have access to), and there is also a feature called "white list" (addresses to which the user is allowed to withdraw without going through harder verification). Even if the person does not have a physical token to access their money, Binance usually requires three 2FA before approving an on-chain withdrawal: SMS to one's phone number, email confirmation and electronic token.

It would be quite a hassle for a hacker to get all of it, though I understand it is possible.
The worst case scenario would be getting my satoshis exchanged for shitcoins.
sr. member
Activity: 406
Merit: 360
This attack is only for mobile phone users who have their exchange app on their phones and use it. This shows that most crypto users use mobile phones to access exchanges more than PCs. We need to be very careful, especially those of us who prefer using mobile phones for our transactions, since we are the target. It is very bad that scammers are looking for every means to steal from investors, causing panic among people. It is better to stay away from links that we are not expecting and avoid clicking on them.
legendary
Activity: 3304
Merit: 1221
All these increasingly sophisticated attack vectors are what prevent cryptocurrencies from truly being within the reach of everyone in everyday life. We must always be informed and updated to try to avoid the "arrows" that are thrown at us from all directions.
It is discouraging to approach this rather complex world, invest some savings and then have it blown from under your nose.
legendary
Activity: 2702
Merit: 2645
Farewell LEO: o_e_l_e_o
please pay attention and be very careful when using the many crypto apps that are available for your mobile phones.
I don't use any mobile wallet.
Some exchange apps are installed on my phone, but none of the exchanges has even $100 from me.
The email address I use on the mobile is a throw-away address; I don't mind if I receive emails from spammers in this inbox.
But yes, the emails that are used in the exchange accounts are important to me. Although I really do not click links sent by even a known service unless I am expecting a link, like verify login or approve withdrawal.
legendary
Activity: 3122
Merit: 7618
the russian malware 'infamous chisel', which specifically targets android mobile phones, is currently circulating and grabbing crypto data from wallets and even exchanges.
IC allows access to infected devices, whose message traffic it monitors and siphons off data at regular intervals. the stolen data also includes information about crypto wallets and exchange accounts. affected are said to be: Binance, Coinbase, PayPal and Trust Wallet.

it's up to each user to decide for themselves whether they want to use their mobile phone to conduct this type of business and install all the stock market apps. personally, i think it's far too dangerous and irresponsible.

https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf
https://latesthackingnews.com/2023/09/04/new-infamous-chisel-malware-targets-android-users-in-state-backed-campaign/

please pay attention and be very careful when using the many crypto apps that are available for your mobile phones.