Newly Found Parasitic Malware

New parasitic malware found to be stealing digital assets from scammers

Analysts at Trend Micro have uncovered malware that latches onto scam websites run by digital asset fraudsters. Named Water Labbu, it has been found on more than 45 scam websites and has stolen roughly $316,000, in what the researchers described as a thief stealing from thieves.

The malware's approach is parasitic: rather than building its own lure, it piggybacks on a scammer's fake decentralized application (DApp) to reach wallets. According to the report, it does this by "injecting malicious JavaScript code" into the scam site; once the script detects that a connected wallet holds a sizable balance, it sends that wallet a transaction request.

“The request is disguised to look like it was being sent from a compromised website and asks for permission (token allowance) to transfer a nearly-unlimited amount of USD Tether (USDT),” read the report.

The wallet owner, misled into believing the DApp issued the request and often not reading its details, approves it. In reality, the allowance is granted to an address controlled by Water Labbu's operators, who then use it to transfer the tokens out of the victim's wallet without any further interaction.
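The mechanism above, shown in working code as an added example (this is not code from the Trend Micro report or from the article). It builds the ERC-20 `approve` calldata that an injected page script would hand to the wallet as an `eth_sendTransaction` request, the `transferFrom` call the operators use afterwards, and a wallet-side guard that decodes a pending request and flags a near-unlimited allowance to an unknown spender. The token contract, wallet and spender addresses and the balance figures are constructed placeholders, and the 10x-balance threshold is an assumed heuristic.

```javascript
// Added illustration (not code from the Trend Micro report or the article):
// how an ERC-20 "token allowance" request like the one described is built,
// and how a wallet-side guard can decode it and warn before the user signs.
// All addresses and balances are constructed placeholders.

// 4-byte selectors of the two ERC-20 functions involved.
const APPROVE_SELECTOR = "095ea7b3";        // keccak256("approve(address,uint256)")[0..4]
const TRANSFER_FROM_SELECTOR = "23b872dd";  // keccak256("transferFrom(address,address,uint256)")[0..4]
const UINT256_MAX = (1n << 256n) - 1n;       // the usual "unlimited" allowance value

// Constructed placeholder addresses; none of these are real contracts or wallets.
const TOKEN_CONTRACT = "0x" + "1".repeat(40);   // stands in for the USDT contract
const VICTIM         = "0x" + "c".repeat(40);   // wallet holding the tokens
const ATTACKER       = "0x" + "ba".repeat(20);  // address the operators control
const TRUSTED_ROUTER = "0x" + "d".repeat(40);   // a spender the wallet already knows

// Left-pad a hex string (no 0x) to one 32-byte ABI word.
function pad32(hex) {
  return hex.toLowerCase().padStart(64, "0");
}

// ABI-encode approve(spender, amount): the calldata an injected page script
// hands to window.ethereum.request({ method: "eth_sendTransaction", params: [tx] }).
function encodeApprove(spender, amount) {
  return "0x" + APPROVE_SELECTOR + pad32(spender.slice(2)) + pad32(amount.toString(16));
}

// The transaction object as the wallet popup receives it. Nothing here names the
// attacker; the only clues are the spender and amount buried inside `data`.
function buildAllowanceRequest(from, token, spender, amount) {
  return { from, to: token, value: "0x0", data: encodeApprove(spender, amount) };
}

// Once the approval is mined, the operators drain the wallet from their own
// address with transferFrom(victim, attacker, balance); no user action is needed.
function encodeTransferFrom(from, to, amount) {
  return "0x" + TRANSFER_FROM_SELECTOR +
    pad32(from.slice(2)) + pad32(to.slice(2)) + pad32(amount.toString(16));
}

// Wallet-side guard: decode a pending eth_sendTransaction and flag approvals that
// look like allowance phishing. opts.victimBalance is in the token's base units
// (USDT has 6 decimals); opts.trustedSpenders is a Set of lowercase addresses.
// The "10x the balance" cut-off is an assumed heuristic, not a standard.
function classifyApproval(tx, opts) {
  const data = (tx.data || "").toLowerCase().replace(/^0x/, "");
  if (data.length !== 8 + 64 + 64 || data.slice(0, 8) !== APPROVE_SELECTOR) {
    return { isApprove: false, suspicious: false, reasons: [] };
  }
  const spender = "0x" + data.slice(8 + 24, 8 + 64); // address = low 20 bytes of word 1
  const amount = BigInt("0x" + data.slice(72));        // word 2
  const reasons = [];
  if (amount === UINT256_MAX) {
    reasons.push("unlimited allowance (uint256 max)");
  } else if (amount > opts.victimBalance * 10n) {
    reasons.push("allowance far exceeds the wallet's current balance");
  }
  if (!opts.trustedSpenders.has(spender)) {
    reasons.push("spender is not a contract this wallet has interacted with");
  }
  return { isApprove: true, spender, amount, suspicious: reasons.length > 0, reasons };
}

// Worked run: the request an injected script would emit, then the guard's verdict.
function demo() {
  const phishing = buildAllowanceRequest(VICTIM, TOKEN_CONTRACT, ATTACKER, UINT256_MAX);
  return classifyApproval(phishing, {
    victimBalance: 5000000n,                // 5 USDT in base units
    trustedSpenders: new Set([TRUSTED_ROUTER]),
  });
}
```

The guard only sees what the page asked the wallet to sign; it cannot tell which site injected the script, which is exactly why the disguised origin works on users. A real wallet would additionally check whether the spender is a contract at all and show the decoded spender and amount in the confirmation dialog rather than raw calldata.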

Water Labbu's method of pilfering digital assets differs from the one scammers usually rely on. Scammers typically use social engineering, such as building trust with a target over several months, to fleece victims of their virtual currencies.

However, the bad actors behind Water Labbu do not have to build fraudulent investment websites of their own. Instead, they inject malicious JavaScript code into websites belonging to other scammers.

Malware is the bane of the digital asset industry

A Chainalysis report found that malware was responsible for 75% of hacks in the industry since 2017, with even low-level cybercriminals employing it in their schemes. Cyble Research Labs drew attention to Pennywise, malware spread through YouTube by bundling it with supposedly free mining software promoted in a free BTC mining tutorial.

The malware was reported to attack wallets holding Zcash (ZEC) and Ethereum (ETH), and even to target cold wallets. Earlier in the year, a pirated copy of "Spider-Man: No Way Home" was found to be the main distribution vector for a Monero-mining malware that installed itself on victims' personal computers to mine the privacy coin, along with a program to monitor mining progress.

Chainalysis notes that such malware is often sold on darknet marketplaces, allowing less sophisticated hackers to spam millions of potential victims in the hope that a few of their attacks succeed.
