Analysis Report on Infamous Chisel Malware


In the present-day conflict, cyberwarfare has become a force to reckon with. It is much more in evidence in the Russian-Ukraine war, where cybersecurity agencies of five countries have found a new malware called the Infamous Chisel. The new mobile malware is used by a threat actor known as Sandworm, which targets Android devices used by the Ukrainian military. The cybersecurity companies or agencies behind the discovery include the UK National Cyber Security Centre (NCSC), the U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security, and the Australian Signals Directorate (ASD). Previously, the above-mentioned organisations linked the Sandworm actor to the Russians, especially the Russian GRU’s Centre for Special Technologies.

Infamous Chisel comprises components that allow for ongoing access to an Android smartphone that has been infected over the Tor network. It routinely gathers and exfiltrates victim data from compromised devices. System device information, commercial application information, and Ukrainian military-specific apps make up the information that was exfiltrated. The virus checks the system on a regular basis for data and files that match a specified list of file extensions.

The Components of Infamous Chisel and Their Execution

By setting up and running Tor with a hidden service that leads to a modified Dropbear binary that offers an SSH connection, Infamous Chisel also offers remote access. The Infamous Chisel malware is made up of many parts. The functionality of killer, blob, and td for netd may be inferred from references between them. The SSH remote shell connection set up by netd is probably used for communication. On execution, the Infamous Chisel netd component enters a main loop that executes indefinitely, where various timers trigger the execution of different tasks. All timer actions are executed immediately on first execution and then at specified intervals.

How Can Businesses Prevent Malware Like the Infamous Chisel

Given the ramifications of malware like Infamous Chisel, businesses should strengthen their cybersecurity infrastructure. Manish Chaudhari, CISO of Cybernetic Global Intelligence, an internationally recognised cybersecurity firm providing cybersecurity services, claims that most organisations might go out of business as a result of the hefty expenses of data breaches caused by malware such as the Infamous Chisel. The only solution is to hire IT security consultants and put robust cybersecurity safeguards in place. These might entail abiding by legal requirements like PCI DSS QSA, ISO 27001, APRA CPS 234, ACSC Essential Eight, and many more.

Steps to Stop or Lessen Cybercrime

Using cutting-edge tools and methods, cybercriminals are becoming more intelligent. Businesses must thus pick up their game and stay one step ahead of hackers as a result. The following actions may be taken by enterprises to improve their IT security consulting posture:

Using complex passwords: Increasing security requires using complex passwords, using multi-factor authentication, and maintaining updated software. Regularly scanning networks for vulnerabilities and promptly patching any identified security weaknesses is essential.

Providing workforce training: Employees should be educated on identifying and reporting phishing emails, social engineering attacks, and other cybersecurity threats.

Complying with industry regulations: Adhering to relevant industry regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), is crucial.

If a business enterprise lacks the resources or expertise to establish and maintain a robust cybersecurity programme, engaging the services of a cybersecurity company like Cybernetic Global Intelligence can be advantageous. As a globally accredited cybersecurity firm, Cybernetic Global Intelligence offers a range of services to assist businesses in improving their cybersecurity infrastructure and responding to cybercrime incidents. These services include:

Managed security services: Providing continuous monitoring and threat analysis to enable businesses to detect and respond to cybersecurity threats 24/7.

ISO 27001 certification: Assisting businesses in attaining ISO 27001 certification, an internationally recognised standard for information security management.

Risk assessments and security audits: Identifying and mitigating known cybersecurity risks and vulnerabilities through comprehensive assessments and audits.

Red team testing: Simulating cyberattacks to identify weaknesses in a business’s cybersecurity infrastructure.

PCI compliance consulting: Guiding businesses to achieve PCI compliance, a requirement for entities accepting credit cards.

Penetration testing: Identifying and addressing vulnerabilities that cybercriminals could exploit.


The Infamous Chisel’s components are of low to medium sophistication and don’t really seem to have been designed with defence evasion in mind. The desire to access these networks is strengthened by the scanning of certain files and directory paths related to military applications and the exfiltration of this data. All the more reason for businesses to conduct IT security consulting and implement remedial cybersecurity measures.

The components don’t include any basic stealth or obfuscation mechanisms to mask activity, although the actor may have thought this wasn’t essential given that many Android devices lack host-based detection systems. Please call 1300 292 376 or send an email to for more information on protecting your company from potential cybersecurity risks.

Post a Comment