A Sydney resident was sentenced to 15 months in prison and 300 hours of community…
Hacked scam site
This summer, the FBI warned of a scam using dApps (decentralized applications) that pretend to be cryptocurrency services that allegedly mine liquidity, but in fact steal crypto investments of naive users.
As Trend Micro experts have now discovered, the operators of fraudulent dApp sites have themselves become victims of hackers. The Water Labbu hacker group parasitizes on such resources, which finds “decentralized applications” on the network and injects malicious scripts into their websites.
Attack scheme
The final script tracks recently connected TetherUSD and Ethereum wallets on fraudulent sites, and then extracts their addresses and balances. If the balance exceeds 0.005 ETH or 22,000 USDT, the target is suitable for a Water Labbu attack.
Script that collects balances of connected wallets
Initially, the script determines whether the target is running on Windows or on a mobile OS (Android, iOS). If the victim is using a mobile device, the malicious script sends them a request to confirm the transaction through the dApp site, giving the impression that it came from the fraudulent resource itself. If the recipient confirms the transaction, the script will empty their wallet and transfer all funds to an address owned by Water Labbu operators.
If the victim is using Windows, the compromised sites will instead display a fake Flash Player update notification overlaid directly on the fraudulent site. This “Flash installer” is actually a backdoor downloaded directly from GitHub. Attackers use this malware in the same way to steal cryptocurrencies and cookies from target devices.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…