AngelX, a new variant of the Angel Drainer malware, has emerged as a significant threat to the Web3 ecosystem. Discovered by Blockaid’s Threat Intelligence team, the variant adds functionality and support for blockchain networks that earlier Angel Drainer builds did not target.
Categorized as a “drainer”, AngelX is delivered through malicious decentralized applications (dApps) that steal cryptocurrency and sensitive wallet data. It primarily works by luring users into interacting with attacker-controlled dApps whose interfaces capture private keys, seed phrases, and other data needed to take over a wallet.
One of AngelX’s notable features is its expanded reach to blockchain networks such as TON and TRON, in addition to Ethereum-based platforms. This broader target range increases the malware’s potential impact by encompassing more users and dApp ecosystems.
The malware’s command-and-control (C2) dashboard lets operators manage the malicious dApps they deploy. It provides control over the attack flow, including selecting target blockchains, defining the interaction flows presented to victims, and monitoring stolen data in real time. The dashboard also reports success rates, letting attackers tune their campaigns toward whatever works.
Moreover, AngelX incorporates an enhanced cloaking mechanism to evade detection by security vendors: it alters its behavior for visitors it suspects are scanners or analysts and applies anti-analysis measures, which complicates efforts to identify and mitigate its operations.
A particularly damaging capability of AngelX is seed-phrase theft, which grants attackers full control of the victim’s wallet rather than a single signed transaction. The malware deceives users into typing or pasting their seed phrase into a fake recovery or “re-sync” interface, after which the attackers can transfer funds at will. No legitimate wallet or dApp ever needs a user’s seed phrase through a web page; any site that asks for one should be treated as a phishing page.
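The seed-phrase capture described above is something a wallet extension or browser-side security tool can look for. The following is an added example, not code from the Blockaid report or from AngelX itself: a heuristic that scores a page model for seed-phrase solicitation (prompt text, a field labelled as a recovery phrase, a pasted value shaped like a BIP-39 mnemonic, or the one-box-per-word grid). The page models and field names are constructed for illustration; in a real extension the same function would be fed from the DOM on input and paste events.

```javascript
// Added example (not Blockaid's or AngelX's code): flag web forms built to capture a
// recovery (seed) phrase. No legitimate dApp needs a seed phrase, so a page that
// solicits one is treated as hostile. Page models below are constructed.

// Mnemonic lengths defined by BIP-39 (12..24 words in steps of 3).
const BIP39_WORD_COUNTS = new Set([12, 15, 18, 21, 24]);

// Wording a capture form typically uses to ask for the mnemonic.
const SEED_PROMPTS =
  /\b(seed|recovery|secret|mnemonic|backup)\s*(phrase|words?)\b|\b(12|24)[-\s]?words?\b/i;

// Structural check only: valid word count and short lowercase words. It does not
// verify the 2048-word list or the checksum, so it can false-positive on ordinary
// lowercase text of exactly 12/15/18/21/24 short words.
function looksLikeMnemonic(text) {
  const words = String(text).trim().toLowerCase().split(/\s+/).filter(Boolean);
  if (!BIP39_WORD_COUNTS.has(words.length)) return false;
  return words.every((w) => /^[a-z]{3,8}$/.test(w));
}

// page = { origin, text, fields: [{ tag, type, name, placeholder, label, value }] }
// Returns { verdict: 'allow' | 'warn' | 'block', score, reasons }.
function assessSeedPhraseCapture(page) {
  const reasons = [];
  let score = 0;

  // 1. Visible copy asking for the phrase.
  if (SEED_PROMPTS.test(page.text || '')) {
    score += 2;
    reasons.push('page text solicits a seed/recovery phrase');
  }

  // 2. A field labelled as the phrase, or already holding a mnemonic-shaped value.
  for (const f of page.fields) {
    const meta = `${f.name || ''} ${f.placeholder || ''} ${f.label || ''}`;
    if (SEED_PROMPTS.test(meta)) {
      score += 3;
      reasons.push(`field "${f.name}" is labelled as a seed phrase`);
    }
    if (f.value && looksLikeMnemonic(f.value)) {
      score += 4;
      reasons.push(`field "${f.name}" holds a mnemonic-shaped value`);
    }
  }

  // 3. The "one box per word" grid: 12 or 24 text inputs named/labelled 1..N.
  const numbered = page.fields.filter(
    (f) => f.tag === 'input' && /^(word[-_]?)?\d{1,2}$/i.test(f.name || f.label || '')
  );
  if (BIP39_WORD_COUNTS.has(numbered.length)) {
    score += 4;
    reasons.push(`${numbered.length} numbered word inputs (word-grid layout)`);
  }

  const verdict = score >= 4 ? 'block' : score >= 2 ? 'warn' : 'allow';
  return { verdict, score, reasons };
}

// Constructed sample pages (hypothetical origins).
const phishingPage = {
  origin: 'https://wallet-resync.example',
  text: 'Your wallet is out of sync. Enter your 12-word recovery phrase to restore access.',
  fields: Array.from({ length: 12 }, (_, i) => ({ tag: 'input', type: 'text', name: `word${i + 1}` })),
};
const importPage = {
  origin: 'https://claim-airdrop.example',
  text: 'Import wallet to claim',
  fields: [{ tag: 'textarea', name: 'phrase', label: 'Secret Recovery Phrase',
             // first 12 BIP-39 dictionary words, used only as a constructed sample
             value: 'abandon ability able about above absent absorb abstract absurd abuse access accident' }],
};
const swapPage = {
  origin: 'https://swap.example',
  text: 'Swap tokens. Connect your wallet to continue.',
  fields: [{ tag: 'input', type: 'text', name: 'amountIn', placeholder: '0.0' },
           { tag: 'input', type: 'text', name: 'amountOut', placeholder: '0.0' }],
};

for (const p of [phishingPage, importPage, swapPage]) {
  console.log(p.origin, assessSeedPhraseCapture(p));
}
```

The verdict thresholds are deliberately aggressive: a single field labelled as a recovery phrase is enough to warn, and a mnemonic-shaped value or a word grid is enough to block, because the cost of a false positive (a blocked form) is far lower than the cost of a stolen seed phrase.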
AngelX’s streamlined deployment process makes it easier for cybercriminals to stand up a campaign, lowering the barrier to entry for using drainer tooling. Security teams are actively developing countermeasures and detection logic to protect users from this evolving threat.
In conclusion, AngelX represents a significant advancement in drainer malware, posing a formidable risk to the Web3 ecosystem. As cybercriminals refine their tactics, it is crucial for security teams to remain vigilant in monitoring emerging threats and implementing robust defenses.
By identifying and countering new variants like AngelX while the attackers are still testing them, security teams can blunt their impact before they are used at scale.
The MITRE ATT&CK mapping given for AngelX lists initial access through phishing campaigns and exploitation of public-facing applications, and credential access through input capture and brute force. The mapping also covers persistence, privilege escalation, command-and-control communication, exfiltration of sensitive data, and impact techniques ranging from data manipulation to inhibiting system recovery.
Overall, the emergence of AngelX underscores the importance of proactive cybersecurity measures to defend against evolving cyber threats in the Web3 landscape.
