Water Labbu Malware Targets Scammers to Steal Their Ill-Gone Crypto – Decrypt

It’s a dog-eat-dog world for crypto scammers.

New reports have revealed how an individual identified crypto scammers in order to rob them of their ill-gotten funds.

Crypto scammers often use social engineering techniques to interact with victims and convince them to part with their hard-earned money. Victims are persuaded either to send funds directly to the fraudsters or to grant the permissions needed to access their wallets.

Water Labbu, the name of the individual who robbed the crooks, allegedly used a similar method to steal cryptocurrencies, gaining access permissions to their victims’ wallets. However, they didn’t use any form of social engineering, leaving the dirty work to the original scammers.

Instead of creating their own fraudulent websites, Water Labbu compromised the websites of other scammers that posed as legitimate decentralized applications (dApps) and injected them with malicious JavaScript code.

Hidden in the shadows, Water Labbu patiently waited for high-value victims to connect their wallets to a fraudulent dApp, before injecting a JavaScript payload into that website to steal the funds.

Nothing changed for the victims of the original scammer – they were robbed anyway. The only difference is that Water Labbu started snatching crypto from fraudsters, diverting the funds to their own wallets.

“The request is disguised to look like it was sent from a compromised website and asks for permission to transfer an almost unlimited amount of USD Tether of the target’s portfolio,” reads Trend Micro’s report.
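The “permission” the report describes is, in standard ERC-20 terms, a token allowance granted to a spender address. The following wallet-side check is an added example (not code from the Decrypt article or from Trend Micro’s report) showing how a wallet or browser extension could decode such a request before the user signs it and flag a near-unlimited allowance. It assumes the request is an ERC-20 `approve(address,uint256)` call, whose four-byte selector is `0x095ea7b3`; the spender address and amounts below are constructed sample values, not addresses from the campaign.

```javascript
// Added example: wallet-side screening of an ERC-20 approve() request.
// Assumption: the "permission to transfer" request is a standard ERC-20
// approve(spender, amount) call. Selector = keccak256("approve(address,uint256)")[0:4].
const APPROVE_SELECTOR = "0x095ea7b3";
const UINT256_MAX = (1n << 256n) - 1n;

// Encode an approve() call; used here only to build constructed sample requests.
function encodeApprove(spender, amount) {
  return (
    APPROVE_SELECTOR +
    spender.slice(2).toLowerCase().padStart(64, "0") +
    amount.toString(16).padStart(64, "0")
  );
}

// Decode raw calldata. Returns { spender, amount } for an approve() call, else null.
function decodeApprove(data) {
  const hex = data.toLowerCase();
  // selector (10 chars incl. "0x") + two 32-byte ABI words (64 hex chars each)
  if (!hex.startsWith(APPROVE_SELECTOR) || hex.length !== 10 + 128) return null;
  const spender = "0x" + hex.slice(10 + 24, 10 + 64); // address is the low 20 bytes
  const amount = BigInt("0x" + hex.slice(10 + 64, 10 + 128));
  return { spender, amount };
}

// Risk assessment a wallet could run before prompting the user to sign.
// balance: the user's current token balance in base units (USDT uses 6 decimals).
function assessApproval(tx, balance) {
  const call = decodeApprove(tx.data);
  if (!call) return { risk: "none", reason: "not an ERC-20 approve() call" };
  // Anything at or above 2^255 is effectively unlimited for a real token supply.
  if (call.amount >= 1n << 255n) {
    return { risk: "high", reason: "unlimited allowance requested", spender: call.spender };
  }
  if (balance > 0n && call.amount > balance * 10n) {
    return { risk: "medium", reason: "allowance far exceeds current balance", spender: call.spender };
  }
  return { risk: "low", reason: "bounded allowance", spender: call.spender };
}

// Constructed sample: placeholder spender address and a 500 USDT balance.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_BALANCE = 500000000n; // 500 USDT at 6 decimals

const samples = [
  { label: "unlimited", data: encodeApprove(SAMPLE_SPENDER, UINT256_MAX) },
  { label: "bounded 1000 USDT", data: encodeApprove(SAMPLE_SPENDER, 1000000000n) },
  { label: "transfer, not approve", data: "0xa9059cbb" + "00".repeat(64) },
];

for (const s of samples) {
  console.log(s.label, "->", assessApproval({ data: s.data }, SAMPLE_BALANCE));
}
```

The threshold of 2^255 is a conservative stand-in for “unlimited”; a wallet that knows the token’s total supply could instead compare the requested allowance against it. The medium tier exists because a phishing page can also ask for a large but finite allowance that still covers everything the victim holds.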

The Water Labbu attack flow. Source: Trend Micro

Water Labbu flies away with over $300,000

In one identified case, the malicious script managed to drain USDT from two addresses, swapping it on the Uniswap exchange – first to the USDC stablecoin, then to Ethereum (ETH) – before sending the ETH to the Tornado Cash mixer.

The report also noted that Water Labbu used different methods for different operating systems. For example, if the victim loaded the script from a desktop running Windows, it returned another script displaying a fake Flash update message asking the victim to download a malicious executable file.

Trend Micro said Water Labbu compromised at least 45 fraudulent websites, most of them following the so-called “lossless mining liquidity pledge” model, a scheme law enforcement warned about earlier this year.

According to security analysts, the profit made by Water Labbu is estimated to be at least $316,728 based on the transaction records of nine identified victims.
