In July, the FBI warned of scams built on ‘dApps’ (decentralized applications) that spoofed cryptocurrency liquidity mining services but actually stole the victims’ crypto investments.
Liquidity mining is when an investor lends their cryptocurrency to a decentralized exchange in exchange for high rewards, usually generated through trading fees.
Water Labbu does not interact with the victims at all; it leaves the social engineering to the original fraudsters who run the scam sites.
When an investor connects their wallet to one of these dApps, the Water Labbu script checks whether the wallet holds enough cryptocurrency to be worth stealing and, if so, tries to take it using the methods described below.
According to analysts, Water Labbu hacked at least 45 scam websites, most of which follow the theme of the “Lossless Mining Liquidity Pledge.”
Trend Micro says the profits made by Water Labbu are estimated to be at least $316,728 based on transaction records from nine identified victims.
There is no honor among thieves
The parasitic threat actor identifies cryptocurrency scam websites and injects their dApps with malicious JavaScript that blends in with the site’s existing scripts.
The injected payload then creates another script element that loads a second-stage script from the delivery server tmpmeta[.]com.
That script monitors newly connected wallets on the scam site and retrieves their addresses and their TetherUSD (USDT) and Ethereum (ETH) balances.
If the balance exceeds 0.005 ETH or 22,000 USDT (roughly $22,000), the wallet is a valid target for Water Labbu, and the script then determines whether the victim is using Windows or a mobile operating system (Android or iOS).
If the victim is on a mobile device, the Water Labbu script sends a transaction approval request through the dApp, so that it appears to come from the scam website itself.
If the victim approves the transaction, the malicious script drains the wallet and transfers the funds to an address controlled by Water Labbu.
For Windows users, the compromised sites instead display a fake Flash Player update notification overlaid on the scam site. The “Flash installer” is in fact a backdoor fetched directly from GitHub.
The threat actors then use this backdoor to steal cryptocurrency wallets and cookies from the device.
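As an added example (not code from the article or from Trend Micro’s report), the following JavaScript reproduces the balance threshold described above and shows the wallet-side check a user agent or wallet extension could apply to the approval request that follows: decoding an ERC-20 `approve(address,uint256)` call and refusing it when the spender is unknown or the allowance is unlimited. It assumes the “transaction approval request” is an ERC-20 `approve` call, which is one common way such a request is structured; the addresses, calldata, the `demo()` helper and the trusted-spender list are all constructed for illustration.

```javascript
// Added example, not from the article or Trend Micro's report. Reproduces the
// reported targeting threshold and shows a wallet-side guard for an ERC-20
// approve() request. Addresses, calldata and the trusted list are constructed.

const ETH_THRESHOLD_WEI = 5n * 10n ** 15n;         // 0.005 ETH, 1 ETH = 1e18 wei
const USDT_THRESHOLD_RAW = 22000n * 10n ** 6n;     // 22,000 USDT, USDT has 6 decimals
const APPROVE_SELECTOR = "095ea7b3";               // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;             // the "unlimited" allowance value

// Balances as JSON-RPC returns them (eth_getBalance / balanceOf): 0x-prefixed hex.
function isWorthTargeting(ethBalanceHex, usdtBalanceHex) {
  const eth = BigInt(ethBalanceHex);
  const usdt = BigInt(usdtBalanceHex);
  return eth > ETH_THRESHOLD_WEI || usdt > USDT_THRESHOLD_RAW;
}

// Decode approve(address spender, uint256 amount) calldata.
// Returns null when the data is not an approve() call.
function decodeApprove(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  // ABI encoding right-aligns the 20-byte address inside a 32-byte word.
  const spender = "0x" + hex.slice(8 + 24, 8 + 64);
  const amount = BigInt("0x" + hex.slice(72, 136));
  return { spender, amount };
}

// Policy decision for a pending eth_sendTransaction request.
// trustedSpenders: Set of lowercase contract addresses the user deliberately allows (hypothetical).
function reviewTransaction(tx, trustedSpenders) {
  const approve = decodeApprove(tx.data || "0x");
  if (!approve) return { action: "allow", reason: "not an ERC-20 approve()" };
  if (!trustedSpenders.has(approve.spender)) {
    return { action: "block", reason: `approve() for unknown spender ${approve.spender}` };
  }
  if (approve.amount === MAX_UINT256) {
    return { action: "warn", reason: "unlimited allowance requested" };
  }
  return { action: "allow", reason: "bounded allowance to a trusted spender" };
}

// Constructed scenario: one approve() to an attacker address for an unlimited
// amount, one bounded approve() to a contract the user has chosen to trust.
function demo() {
  const attacker = "0x" + "1".repeat(40);            // constructed attacker address
  const dex = "0x" + "2".repeat(40);                 // constructed trusted router address
  const unlimitedToAttacker =
    "0x" + APPROVE_SELECTOR + "0".repeat(24) + attacker.slice(2) + "f".repeat(64);
  const boundedToDex =
    "0x" + APPROVE_SELECTOR + "0".repeat(24) + dex.slice(2) +
    (1000n * 10n ** 6n).toString(16).padStart(64, "0");   // 1,000 USDT
  const trusted = new Set([dex]);
  return {
    targeted: isWorthTargeting("0x" + (6n * 10n ** 15n).toString(16), "0x0"), // 0.006 ETH
    attackerApprove: reviewTransaction({ data: unlimitedToAttacker }, trusted),
    dexApprove: reviewTransaction({ data: boundedToDex }, trusted),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The check only covers `approve()`; a plain `transfer`, a `transferFrom` from an allowance that was granted earlier, or a native ETH transfer is not inspected, which is why revoking stale allowances matters as much as refusing new ones. On the mobile path the request arrives inside the wallet app’s own browser, so this kind of guard has to live in the wallet, not in the page.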
For victims, the outcome is the same: they lose all their cryptocurrency.
The only thing that changes in this attack is who ends up with the victim’s digital assets: the Water Labbu hacking group rather than the original scammer.
To avoid these scams, always research dApp sites, especially liquidity mining platforms, to confirm they are legitimate before connecting your wallet to them.
Also, periodically review the sites connected to your wallet and the token spending approvals you have granted, and revoke any you do not recognize; a single approved transaction is enough for an attacker to drain the tokens it covers.
Finally, never invest with strangers you meet on social media, as such approaches usually lead to scams, and avoid trading cryptocurrencies on unknown exchanges.