UK accuses GRU cyberspies of using new Microsoft snooping malware

State-Sponsored Spyware “Infamous Chisel” Targets Android Devices

In a significant development for global cybersecurity, a sophisticated new malware toolkit has been uncovered, designed specifically to spy on Android mobile devices. This campaign has been attributed to a well-known and highly capable threat actor, revealing the evolving landscape of mobile cyber espionage.

The malware, dubbed “Infamous Chisel,” is a collection of components engineered to enable unauthorized access and data exfiltration from compromised Android phones and tablets. Intelligence reports from the UK’s National Cyber Security Centre (NCSC) and its “Five Eyes” partners have linked this activity directly to a state-sponsored cyber unit.

Who is Behind the Attack?

The group responsible for deploying “Infamous Chisel” is a threat actor publicly tracked as Sandworm. This group is widely understood to be a cyber warfare unit operating within Russia’s GRU military intelligence agency. Sandworm has a long history of conducting disruptive and destructive cyberattacks against a range of international targets, making their venture into mobile malware a serious concern for security professionals worldwide.

This latest campaign appears to be highly targeted, with evidence suggesting its use against the Ukrainian military to gain battlefield intelligence. The public attribution of this malware is part of a coordinated effort by Western intelligence agencies to expose and disrupt malicious cyber operations.

How the “Infamous Chisel” Malware Works

Unlike common consumer-grade malware, “Infamous Chisel” is a complex toolkit designed for stealth and persistence. Its primary goal is to maintain long-term access to a device while periodically scanning for and stealing sensitive information.

The malware’s capabilities include:

  • Persistent Access: To ensure it remains on the device even after a reboot, the malware replaces a legitimate system daemon on the Android operating system. This grants it deep, persistent control over the infected device.
  • Systematic Data Collection: Once active, the malware regularly scans the device’s file system, searching for files that match a predefined set of criteria. This includes military documents, maps, and other sensitive data.
  • Covert Data Exfiltration: To hide its activity, “Infamous Chisel” funnels the stolen data out through the Tor network. This anonymizing network makes it extremely difficult to trace the traffic back to the attackers’ command-and-control (C2) servers.
  • Network Monitoring: The tool actively monitors network traffic and provides the attackers with information about the compromised device’s connections and activity.

This combination of features demonstrates a high level of sophistication aimed at conducting targeted espionage operations without being detected.
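The two behaviours most useful to a defender are the daemon replacement and the Tor exfiltration, because both leave evidence on the device: a changed binary on disk, and outbound connections from a process that should not be talking to relays. The block below is an added example written for this article, not code from the NCSC report or from the malware itself. It shows a baseline hash comparison for system daemons and a heuristic over netstat-style connection records that flags traffic to Tor's documented default relay ports (9001 ORPort, 9030 DirPort). The record format, the daemon name `system_daemon`, the addresses and the hashes are all constructed sample data.

```python
# Added example, not code from the article or from the NCSC/Five Eyes report.
# Two defender-side checks modelled on the behaviours described above:
#   1. a hash comparison that catches a system daemon whose binary was swapped out;
#   2. a heuristic over netstat-style connection records for traffic to Tor's
#      default relay ports.
# All names, hashes and log lines below are constructed sample data.
import hashlib
import re
from typing import Dict, List

# ---- 1. Daemon integrity against a trusted baseline ---------------------------

def sha256_hex(data: bytes) -> str:
    """SHA-256 of a binary's contents; in practice read the file from disk."""
    return hashlib.sha256(data).hexdigest()

def find_modified_daemons(baseline: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Compare daemon name -> SHA-256 maps and report binaries that changed or vanished.
    The baseline must come from a known-good image, not from the device under review."""
    findings = []
    for name, expected in baseline.items():
        observed = current.get(name)
        if observed is None:
            findings.append(f"{name}: missing")
        elif observed != expected:
            findings.append(f"{name}: hash mismatch")
    return findings

# ---- 2. Connections to Tor's default relay ports --------------------------------

# 9001 (ORPort) and 9030 (DirPort) are Tor's documented defaults. Relays may listen on
# any port and bridges deliberately avoid these, so a miss proves nothing; a hit from a
# process that has no business reaching the internet is worth a closer look.
TOR_DEFAULT_PORTS = {9001, 9030}

# Constructed record format (hypothetical, netstat-like):
#   proto  local_addr:port  remote_addr:port  state  pid/program
RECORD_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+(?P<laddr>\S+)\s+(?P<raddr>\S+)\s+"
    r"(?P<state>\S+)\s+(?P<pid>\d+)/(?P<prog>\S+)$"
)

def parse_record(line: str) -> Dict[str, str]:
    """Split one connection record into its named fields; reject anything malformed."""
    m = RECORD_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    return m.groupdict()

def flag_tor_like_connections(lines: List[str]) -> List[Dict[str, str]]:
    """Return the records whose remote port is one of Tor's default relay ports."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        port = int(rec["raddr"].rsplit(":", 1)[1])  # rsplit keeps IPv6 '[::1]:9001' intact
        if port in TOR_DEFAULT_PORTS:
            hits.append(rec)
    return hits

# Constructed sample data ------------------------------------------------------------
BASELINE = {"system_daemon": sha256_hex(b"trusted build of system_daemon v1")}
CURRENT_OK = {"system_daemon": sha256_hex(b"trusted build of system_daemon v1")}
CURRENT_SWAPPED = {"system_daemon": sha256_hex(b"replaced binary with extra code")}

SAMPLE_CONNECTIONS = [
    "tcp 10.0.0.5:41022 198.51.100.7:443 ESTABLISHED 1450/browser_app",
    "tcp 10.0.0.5:41023 198.51.100.9:9001 ESTABLISHED 812/system_daemon",
    "tcp 10.0.0.5:41024 203.0.113.4:9030 SYN_SENT 812/system_daemon",
]

if __name__ == "__main__":
    print(find_modified_daemons(BASELINE, CURRENT_SWAPPED))
    for hit in flag_tor_like_connections(SAMPLE_CONNECTIONS):
        print(f"pid {hit['pid']} ({hit['prog']}) -> {hit['raddr']}")
```

Both checks are deliberately simple. The hash comparison only works if the baseline was captured from a trusted build rather than from the device being examined, and the port heuristic is a starting point for triage, not a detection signature: a process such as a system daemon opening connections to relay ports is the anomaly, the port number alone is not.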

Protecting Your Devices: Actionable Security Tips

While “Infamous Chisel” has been observed in a targeted military context, its components and techniques serve as a stark reminder of the security risks facing all Android users. Protecting your mobile devices is more critical than ever.

Here are essential security measures you can take to defend against advanced mobile threats:

  1. Avoid Unofficial App Stores: Only download applications from the official Google Play Store. Malware is frequently distributed through third-party stores or direct downloads from untrusted websites.
  2. Scrutinize App Permissions: When installing a new app, carefully review the permissions it requests. If an app asks for access to data it shouldn’t need (e.g., a simple calculator app asking for access to your contacts), do not install it.
  3. Keep Your System and Apps Updated: Software updates are crucial. They often contain patches for critical security vulnerabilities that attackers exploit. Enable automatic updates for your Android OS and all installed applications.
  4. Use a Reputable Mobile Security Solution: A quality mobile antivirus or security app can help detect and block malicious applications and activities before they can cause harm.
  5. Implement Mobile Device Management (MDM): For organizations, an MDM solution is essential. It allows administrators to enforce security policies, manage app installations, and remotely wipe a device if it is lost or compromised.
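Tip 2 is the one that can be automated before an app ever reaches a device. The block below is an added example for this article, not code from Google or from any MDM product. It parses the `<uses-permission>` entries of an AndroidManifest.xml and reports the ones that Android classifies at the "dangerous" protection level and that the app's stated purpose does not justify. The manifest is a constructed sample (the calculator app from the tip, requesting contacts and SMS access), and the `DANGEROUS` set is a subset of the real list, not the whole of it.

```python
# Added example, not code from the article or from any vendor.
# Parses an Android manifest and reports dangerous-level permissions that the
# reviewer has not marked as justified for this app. The manifest below is a
# constructed sample; DANGEROUS is a subset of Android's real dangerous-level list.
import xml.etree.ElementTree as ET
from typing import List, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions Android classifies as "dangerous" (runtime prompt, real user data).
# Subset only; the full list is maintained in the platform's developer documentation.
DANGEROUS: Set[str] = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.CAMERA",
    "android.permission.READ_CALL_LOG",
}

def requested_permissions(manifest_xml: str) -> List[str]:
    """Return the android:name of every <uses-permission> element, in manifest order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")]

def unjustified_dangerous(manifest_xml: str, justified: Set[str]) -> List[str]:
    """Dangerous permissions the app requests that its stated purpose does not justify.
    `justified` is the reviewer's allowlist for this app (e.g. CAMERA for a camera app)."""
    return sorted(
        p for p in requested_permissions(manifest_xml)
        if p in DANGEROUS and p not in justified
    )

# Constructed sample: a "calculator" that wants contacts and SMS access.
CALCULATOR_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calculator">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <application android:label="Calculator" />
</manifest>
"""

if __name__ == "__main__":
    for perm in unjustified_dangerous(CALCULATOR_MANIFEST, justified=set()):
        print(f"unjustified: {perm}")
```

INTERNET is a normal-level permission and is not reported; the two dangerous ones are. In an MDM or app-vetting pipeline the `justified` set would be filled in per app category, so the same function serves as a pre-installation gate rather than a one-off review.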

The emergence of state-sponsored malware like “Infamous Chisel” underscores the reality that mobile devices are high-value targets. By practicing strong security hygiene and remaining vigilant, users and organizations can build a robust defense against even the most sophisticated threats.

Source: https://go.theregister.com/feed/www.theregister.com/2025/07/20/uk_microsoft_snooping_russia/
