© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Water Labbu attacker robs scammers of their loot


Threat actor Water Labbu abuses scam pages to rob swindlers of the opportunity to con unsuspecting victims.

Proving the old saying ‘no honor among thieves,’ threat actors dubbed Water Labbu devised malware to outmaneuver scammers trying to cash in on victims they were working on for long periods of time.

According to cybersecurity firm Trend Micro researchers, threat actors breach websites of scammers that pose as a decentralized application (DApp) and inject malicious code of their own.

The original scammers usually set up a website posing as a legitimate DApp service. Later they employ social engineering tactics to convince victims to part with their cryptocurrency, promising juicy profit. The FBI claims that the process often takes weeks as scammers avoid spooking their targets by rushing.

Meanwhile, Water Labbu lurks in the shadows, observing how the scammer dances around its victim. Once Water Labbu notices a high-value victim, threat actors inject JavaScript payload into a scam website connected to the high-value victim.

“The request is disguised to look like it was being sent from a compromised website and asks for permission to transfer a nearly-unlimited amount of USD Tether from the target’s wallet,” reads Trend Micro’s report.

From the victims’ perspective, the request comes from a fake DApp they already trust. However, once Water Labbu drains the victim’s account, owners of the scam DApp are left empty-handed. Unfortunately, victims suffer financial loss no matter which scammer ends up robbing them.

The somewhat parasitic tactics have caught on as Trend Micro discovered 45 fraudulent crypto-related DApp websites that Water Labbu has compromised. An analysis of nine victims showed that the ‘scam the scammers’ affairs netter threat actors over 315k in USDT, a stablecoin pegged to the US dollar with a value of 1:1.


More from Cybernews:

Quantum computing: shining a light on the nature of the universe

New Bill of Rights to govern AI usage in "the age of artificial intelligence"

Hacker sentenced to 20 years over ransomware attacks

APT groups likely maintained long-term access to Defense Industrial Base organization

Illegal gambling among bitcoin spending habits – survey

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked