New parasitic malware found to be stealing digital assets from scammers


Analysts at Trend Micro have uncovered malware that latches onto scam websites belonging to digital asset fraudsters. Called Water Labbu, the malware has been found to have affected over 45 scam websites, stealing $316,000 in what was described as a thief stealing from thieves.

The modus operandi of the malware is parasitic, as it poses as a decentralized application (DApp) to gain access to digital assets. The report notes that it does this by “injecting malicious JavaScript code” and sending a request after identifying that a wallet has a sizable amount of digital assets.

“The request is disguised to look like it was being sent from a compromised website and asks for permission (token allowance) to transfer a nearly-unlimited amount of USD Tether (USDT),” read the report.

The scammers are misled into believing that a DApp issued the request and often fail to read through the details. In reality, the permission is granted to an address controlled by Water Labbu, which is then used to drain the funds from the victim’s wallet.
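As an added illustration (not code from the Trend Micro report or this article), the sketch below decodes a token-allowance request before it is signed and flags a near-unlimited amount or an unrecognized spender. It assumes the request is a standard ERC-20 `approve(address,uint256)` call; the addresses, the trusted-spender list and the threshold are constructed for the example.

```javascript
// Added example: inspect an ERC-20 approve() request before it is signed.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode calldata laid out as: 4-byte selector | 32-byte spender | 32-byte amount.
function decodeApprove(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 8 + 64 + 64) return null;
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  // An address is 20 bytes, left-padded with 12 zero bytes.
  if (!/^0{24}/.test(spenderWord)) return null;
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Compare the request with the spenders the user expects to deal with.
// trustedSpenders and the half-of-maximum threshold are assumptions of this sketch.
function reviewRequest(tx, trustedSpenders) {
  const call = decodeApprove(tx.data || "");
  if (!call) return { isApprove: false, findings: [] };
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  const findings = [];
  if (!trusted.includes(call.spender)) findings.push("spender-not-recognized");
  if (call.amount >= MAX_UINT256 / 2n) findings.push("near-unlimited-allowance");
  return { isApprove: true, ...call, findings };
}

// Constructed sample values (not real contracts or wallets).
const TOKEN = "0x" + "11".repeat(20);
const KNOWN_DAPP = "0x" + "22".repeat(20);
const UNKNOWN = "0x" + "33".repeat(20);
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const sampleTx = {
  to: TOKEN,
  data: "0x" + APPROVE_SELECTOR + pad(UNKNOWN) + pad((MAX_UINT256 - 1n).toString(16)),
};

console.log(reviewRequest(sampleTx, [KNOWN_DAPP]));
```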

Water Labbu’s method of pilfering digital assets differs from the usual method used by scammers. Scammers are known to use social engineering tactics like building trust over several months to fleece victims of their virtual currencies.

However, the bad actors behind Water Labbu do not have to build fraudulent investment websites. Instead, they inject malicious JavaScript code into websites belonging to other scammers.

Malware is the bane of the digital assets industry

A Chainalysis report stated that malware was the sole culprit for 75% of hacks in the industry since 2017, with even low-level cybercriminals employing it in their schemes. Cyble Research Labs drew attention to malware known as Pennywise that spreads through YouTube, embedded in free block mining software offered as part of a free BTC mining tutorial.

The malware was reported to attack wallets holding Zcash (ZEC) and Ethereum (ETH), even targeting cold digital asset wallets. At the start of the year, a pirated copy of “Spider-Man: No Way Home” was revealed to be the primary source of a Monero mining malware responsible for latching onto the personal computers of…
