Infamous Chisel replaces system components
Western intelligence agencies said Russia's military intelligence unit has been targeting Ukrainian Android devices with "Infamous Chisel."
For those who came in late, Infamous Chisel is the tracking name for new malware designed to backdoor devices and steal critical information. It is a collection of components that enable persistent access to an infected Android device over the Tor network and which periodically collates and exfiltrates victim information from compromised devices.
“Five eyes” Intelligence officials from the UK, US, Canada, Australia, and New Zealand warn that the information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military."
Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware.
It uses shell scripts and commands to collate and collect device information and also searches directories for files with a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. Infamous Chisel uses the TLS protocol and a hard-coded IP and port when exfiltrating files of interest.
https://fudzilla.com/news/57517-russ...n-the-backdoor
Russians hit Android in the backdoor
1st September 2023, 10:19
Russians hit Android in the backdoor 
Similar Threads 
