Threat actor hacks cryptocurrency scam sites to steal funds

Share post:

A threat group called ‘Water Labbu’ hacks into cryptocurrency scam sites to hijack transactions and steal money from the fraudster’s victims.

Hackers pose as dApps, decentralized applications known to offer liquidity mining services to steal from victims. Instead of creating their own scam sites, Water Labbu hack into the scam dApp websites and inject JavaScript code into the website’s HTML.

Once victims connect their wallet to the fake dApp, Water Labbu’s script detects if it contains many cryptocurrencies, and if so, it attempts to steal using multiple methods.

“In one of the cases we analyzed, Water Labbu injected an IMG tag to load a Base64-encoded JavaScript payload using the “onerror” event, in what is known as an XSS evasion technique to bypass Cross-Site Scripting (XSS) filters. The injected payload then creates another script element that loads another script from the delivery server tmpmeta [.] com,” Trend Micro’s report states.

The script used by the attacker monitors newly connected wallets on the scam sites. It also retrieves the address and accounts of TetherUSD and Ethereum wallets. Once the account balance is above 0.005 ETH or 22,000 USDT, the target is valid for Water Labbu, and the script then determines whether the victim is using Windows or a mobile OS (Android, iOS).

If the victim agrees to the transaction, the malicious script will empty the wallet of its funds and send them to an address owned by Labbu.

To avoid this crypto scam, it is important that users research dApp websites, especially liquidity mining platforms, to see if they are legitimate before connecting their wallets to them.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Altman Rejects Musk’s $97.4B OpenAI Bid

Elon Musk’s $97.4 billion bid to take control of OpenAI has been met with a sharp rejection from...

ByteDance Introduces Image Generation

ByteDance Unveils OmniHuman-1: A New AI That Turns Single Photos Into Life-Like Videos, AT&T Rolls Out Call Context...

Ransomware Payments Drop 35%: Cyber Security Today for Monday, February 10, 2025

Ransomware Payments Drop 35% in 2024 as Victims Resist Hackers' Demands, Treasury's DOGE Access Sparks a National Security...

DeepSeek vs. OpenAI: The AI Arms Race Gets Messy: Hashtag Trending for Thursday, January 30th, 2025

DeepSeek vs. OpenAI: The AI Arms Race Gets Messy, Even More Competition in AI, and Frustrated Website Owners...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways