Hackers compromise scam sites to redirect crypto transactions
It is important to note that ‘dApps’ (decentralized applications) are used for liquidity mining. Liquidity mining means that investors lend their cryptocurrencies to a decentralized exchange in exchange for high returns generated via trading fees.
But fraudsters have developed scam versions of ‘dApps’, which impersonate cryptocurrency liquidity mining services to steal victims’ cryptocurrency investments.
As soon as an investor connects their wallet to the dApp, Water Labbu's script checks whether the wallet holds a large amount of cryptocurrency and, if so, attempts to steal it using several methods.
Water Labbu is said to have already made at least $316,728 in profit from nine identified victims, and to have compromised at least 45 fraudulent websites.
To compromise scam sites, the threat actor locates cryptocurrency scam sites and injects malicious scripts into their "dApps"; the injected code blends in with the site's own scripts and is hard to spot.
Once the balance is above 0.005 ETH or 22,000 USDT, the target is considered valid by Water Labbu, and the script then determines whether the victim is using Windows or a mobile OS (Android or iOS). If the victim is on a mobile device, Water Labbu's malicious script sends a transaction authorization request via the dApp website, so that the request appears to come from the scam website itself.
If the victim approves the transaction, the malicious script drains the wallet of its available funds and sends them to an address controlled by Water Labbu.
The sources for this piece include an article in BleepingComputer.