Scam websites vector for Water Labbu group to hijack crypto funds

October 13, 2022

A newly discovered threat group called Water Labbu has been hijacking crypto scam websites that are set up and run by other scammers. The campaign injects malicious JavaScript into those sites to steal cryptocurrency funds from the scammers' own targets.

Recently, Water Labbu breached fake DApp websites and injected malicious JavaScript code into the sites' HTML source. The researchers also noted that the primary threat actors do not engage with victims directly, leaving the entire social-engineering process to their partner scammers.

This campaign targets investors who lend cryptocurrency to a decentralised exchange in return for high rewards. When a targeted investor connects their wallet to the DApp, the injected script checks whether the wallet holds enough crypto to be worth draining.

If the script finds holdings above 1 USDT or 0.001 ETH, the operators attempt to steal the funds using one of several methods.


The Water Labbu threat group has infiltrated numerous scam websites.


According to the analysts, Water Labbu has compromised nearly 50 scam websites, all themed around "lossless mining" liquidity pledges to lure targets.

So far the attackers have made a little over $300,000 from transactions with nine victims.

The threat actors also use different attack methods for different kinds of targets. If a target is on Windows, the hijacked site displays a fake Flash Player update notice; the "Flash installer" is actually a backdoor the attackers obtained from GitHub.

If the target is on a mobile device, the script sends a transaction approval request through the DApp website. If the victim approves the request, the script drains the wallet and sends the funds to an address controlled by the Water Labbu group.

If the target uses an iOS or Android device, the injected code requests the first-stage script that carries the crypto-theft functionality.
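The mobile path above relies on the victim approving a transaction request that the injected script emits through the DApp. The way such a request typically works is an ERC-20 `approve()` call that grants an allowance to an address the attacker controls, after which the tokens can be moved without further interaction. The following is an added example, not code from the article or from any wallet project, showing how a wallet or browser extension could decode an `eth_sendTransaction` request before the user signs it and flag that pattern. The selectors are the standard ERC-20 / ERC-721 ones; the trusted-spender allowlist, the sample addresses and the risk levels are assumptions constructed for the example.

```javascript
// Added example (not from the article or any wallet): pre-signing inspector
// for eth_sendTransaction requests. It decodes the calldata a DApp hands to
// the wallet and flags the token-approval pattern described in the article.

// 4-byte selectors = first four bytes of keccak256(signature). These three
// are the standard ERC-20 / ERC-721 ones.
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0xa9059cbb": "transfer(address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Split calldata into the selector and the 32-byte ABI words that follow.
function decodeCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]*$/.test(hex)) return null;
  const selector = "0x" + hex.slice(0, 8);
  const words = [];
  for (let i = 8; i + 64 <= hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector, name: SELECTORS[selector] || "unknown", words };
}

// Addresses are right-aligned in a 32-byte word: the last 20 bytes.
function wordToAddress(word) { return "0x" + word.slice(24); }
function wordToBigInt(word) { return BigInt("0x" + word); }

function riskFromFindings(findings) {
  return findings.length >= 2 ? "high" : findings.length === 1 ? "medium" : "low";
}

// tx is the object a DApp passes to eth_sendTransaction ({to, data, value}).
// knownSpenders is an allowlist of contract addresses the user has chosen
// to trust (an assumption of this example; a real wallet would maintain it).
function inspectTransactionRequest(tx, knownSpenders = []) {
  const trusted = new Set(knownSpenders.map((a) => a.toLowerCase()));
  const findings = [];
  const decoded = tx.data ? decodeCalldata(tx.data) : null;
  const value = tx.value ? BigInt(tx.value) : 0n;

  if (!decoded) {
    // No calldata: a plain native-coin transfer. Show the amount at least.
    if (value > 0n) findings.push(`sends ${value} wei of native coin to ${tx.to}`);
    return { kind: "native-transfer", findings, risk: value > 0n ? "medium" : "low" };
  }

  if (decoded.name === "approve(address,uint256)" && decoded.words.length >= 2) {
    const spender = wordToAddress(decoded.words[0]);
    const amount = wordToBigInt(decoded.words[1]);
    if (amount === MAX_UINT256) findings.push("unlimited allowance requested");
    if (!trusted.has(spender)) findings.push(`spender ${spender} is not a trusted contract`);
    return { kind: "erc20-approve", token: tx.to, spender, amount, findings, risk: riskFromFindings(findings) };
  }

  if (decoded.name === "setApprovalForAll(address,bool)" && decoded.words.length >= 2) {
    const operator = wordToAddress(decoded.words[0]);
    const approved = wordToBigInt(decoded.words[1]) !== 0n;
    if (approved) findings.push("blanket operator approval over every token in the collection");
    if (approved && !trusted.has(operator)) findings.push(`operator ${operator} is not a trusted contract`);
    return { kind: "nft-approval-for-all", collection: tx.to, operator, approved, findings, risk: riskFromFindings(findings) };
  }

  // Anything else: report what was decoded so the user can still see it.
  findings.push(`calls ${decoded.name} (${decoded.selector}) on ${tx.to}`);
  return { kind: "other", selector: decoded.selector, findings, risk: "info" };
}

// Constructed sample: the kind of request a drainer script emits, an
// approve() on a token contract granting an unlimited allowance to an address
// the user has never dealt with. All addresses are placeholders.
const SAMPLE_DRAIN_REQUEST = {
  to: "0x" + "aa".repeat(20),                   // placeholder token contract
  value: "0x0",
  data: "0x095ea7b3" +
        "00".repeat(12) + "bb".repeat(20) +     // spender: placeholder attacker address
        "ff".repeat(32),                        // amount: 2**256 - 1
};

// Stand-alone run: BigInt values need a replacer for JSON.stringify.
console.log(JSON.stringify(
  inspectTransactionRequest(SAMPLE_DRAIN_REQUEST),
  (k, v) => (typeof v === "bigint" ? v.toString() : v), 2));
```

Run on the constructed sample, the inspector reports `erc20-approve` with two findings (unlimited allowance, untrusted spender) and risk `high`; the same request with the spender on the allowlist drops to `medium`, which is the cue a wallet UI would use to show a stronger warning than for an ordinary transfer.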

Cybersecurity experts recommend that users carefully review a DApp site before committing funds to it. Checking the site helps users tell whether it is genuine, so that their wallets remain safe after connecting to the platform. Finally, legitimate platforms let users monitor their wallets, which helps them spot and avoid scams.
