Manoj Sharma of Symantec to discuss trends he’s hearing about generative AI.
This interview from June 30th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Manoj Sharma of Symantec to discuss trends he’s hearing about generative AI.
Hackers Hijack Websites to Inject Malware that Steals User Credentials
In a concerning development for internet security, a new form of website malware known as “Angel Drainer” has been increasingly targeting Web3 and cryptocurrency assets since January 2024.
This malware is part of a broader trend of rising Web3 phishing sites and crypto drainers that significantly threaten user credentials and wallets.
Web3 Crypto Malware: Angel Drainer Overview
Angel Drainer is a crypto drainer implicated in security breaches, including a notable incident with Ledger Connect Kit in December.
It operates by injecting itself directly into compromised websites or by redirecting visitors to phishing sites that contain the drainer. Once in place, it can steal and redistribute assets from compromised wallets, according to the Sucuri report.
The surge in malicious activity is alarming, with over 20,000 unique Web3 phishing sites created in 2023 alone.
As per recent reports, the Angel Drainer phishing group has illicitly acquired a sum of over $400,000 from a total of 128 cryptocurrency wallets.
The group has utilized a new and sophisticated tactic to carry out their fraudulent activities, which is a cause of concern for businesses and individuals alike.
In the first two months of 2024, at least three unrelated malware campaigns have begun using crypto drainers in website hacks.
fake browser update + crypto drainer
Sucuri’s SiteCheck remote website scanner detected the Angel Drainer variant on over 550 sites since early February, and the public showed this injection on 432 sites at the time of writing.
The impact of these attacks is profound, with Angel Drainer found on 5,751 different unique domains over the past four weeks.
The malware leverages phishing tactics and malicious injections to exploit the Web3 ecosystem’s reliance on direct wallet interactions, endangering both website owners and the safety of user assets.
Injection Methods and Strategies
The injection methods used by these attackers are sophisticated and varied. They can include browser hijacking, where the malware modifies web browser settings without permission and redirects users to malicious websites.
This can lead to the theft of sensitive data such as banking information and credit card numbers.
The Angel Drainer malware is insidious because it can remain undetected while collecting user activity and credentials data.
Once installed, it can alter the activity of the user’s browser, redirect searches, and generate fraudulent advertising revenue for the attackers.
In conclusion, the rise of Angel Drainer and similar crypto drainers represents a significant escalation in the threat landscape for Web3 and cryptocurrency users.
In just one year of operation, Angel Drainer has drained over $25 million from nearly 35,000 wallets. The Angel Drainer phishing group reportedly pilfered over $400,000 from 128 crypto wallets using a new tactic. A recent analysis suggests that the…
It underscores the importance of maintaining robust security practices, including using updated antivirus software, downloading carefully, and being vigilant against suspicious emails and pop-ups.
As the situation develops, users are urged to stay informed and exercise caution to protect their digital assets and personal information.
Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme
This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday closer than we think? And to top it off, we uncover the sticky situation of Krispy Kreme facing a ransomware attack.
All this and more is discussed in the latest jam-packed edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of “The AI Fix” podcast.
Kansas courts IT systems offline after ‘security incident’
Information systems of state courts across Kansas are still offline after they’ve been disrupted in what the Kansas judicial branch described last Thursday as a “security incident.” […]