Water Labbu Hijacks Crypto Transactions from Scam Websites

Water Labbu’s hijacking attacks

• The attackers do not engage with the victims directly and leave all the social engineering work to the scammers.
• When an investor (who lends their crypto to a decentralized exchange for high rewards) connects their wallet to DApp, a script is used to detect if it has a sufficient amount of crypto holdings.
• If the script finds any crypto holdings (more than 0.001 ETH or 1 USDT), the attackers try to steal the funds using different techniques.

Widespread impact

• Water Labbu has attacked 45 scam websites so far and, notably, most are following the lossless mining liquidity pledge theme.
• The profit made by the attacker is believed to be $316,728, looking at the transactions from nine victims.

OS-based attacks

• If a victim is using a mobile device, the script sends a transaction approval request via the DApp site. If the recipient agrees, the script drains the wallet and sends the funds to the address controlled by Water Labbu.
• If the device uses Android or iOS, it returns a request for the first stage script of cryptocurrency-theft abilities.
• For Windows-based users, the hacked sites display a fake Flash Player update notice overlayed on the scam site. 
• In reality, the Flash installer is a backdoor obtained from GitHub directly.

Conclusion