Fraudulent cryptocurrency sites are targeted by other scammers to hijack their traffic and possible revenue. A recently detected threat actor named Water Labbu is manipulating users attracted to these sites as a source of income, by injecting a malicious script as a tool to interact with the wallet which, depending on its funds, will be attacked.
Crypto scammers attack crypto scammers
The rise of the cryptocurrency ecosystem has sparked interest in targeting investors through scam sites using different resources that include Youtube streams to do so, as a recent report showed. Now crooks take advantage of other crooks through sophisticated scripting tools. A new type of threat actor, called Water Labbu, targets third-party crypto scam sites to use their lured users as targets for its attack as well.
The attack inserts a script into the cryptocurrency scam webpage, which is usually some kind of loan liquidity providing page, which sends an approval prompt to the user’s cryptocurrency wallet. he has more than a certain amount of cryptocurrency in his wallet. If the user approves the request, which is designed to look like a valid token allocation request from a website3, the relevant wallet will be emptied of all USDT present.
This constitutes a fraudulent double attack: Water Labbu steals the cryptocurrency of the targeted users and also uses the resources of the fraudulent site, which has previously invested in several channels to attract the attention of these users.
Earnings and warnings to avoid this scam
Water Labbu managed to infect 45 scam cryptocurrency websites according to a recent article by Trend Micro, a cybersecurity and antivirus company. The company also determined that at least 9 addresses fell victim to this fraud, allowing the attack to siphon off over $300,000 in funds.
To avoid falling victim to this type of attack, users should follow the same best practice rules to avoid other similar cryptocurrency scams. Trend Micro explains that “users should be careful of any invitations to invest from untrusted parties. Also, they should not trade cryptocurrency funds on an unknown platform without thoroughly checking its legitimacy, understanding what it does and how it works.
Another way to avoid this kind of scam is to be very aware of token approval limits and review every transaction to be signed by the cryptocurrency wallet being used.
What do you think of the cryptocurrency scam attack using other scam sites? Tell us in the comments section below.
Image credits: Shutterstock, Pixabay, Wiki Commons