Cryptocurrency scam sites are being targeted by other scammers to hijack their traffic and their possible earnings. A recently detected threat actor, named Water Labbu, is manipulating the users that are drawn to these sites as a source of revenue, injecting a malicious script as a tool for interacting with the wallet that, depending on its funds, will be attacked.
Crypto Scammers Are Attacking Crypto Scammers
The rise of the cryptocurrency ecosystem has brought interest in targeting investors through scam sites using different resources that include Youtube streams to do so, as a recent report showed. Now, scammers are taking advantage of other scammers through sophisticated script tools. A new kind of threat actor, called Water Labbu, is targeting third-party crypto scam sites to use their attracted users also as targets for its attack.
The attack inserts a script in the cryptocurrency scam web page, which is commonly a kind of lending-liquidity providing page, that sends an approve prompt to the cryptocurrency wallet of the user if he has over a certain amount of cryptocurrency in his wallet. If the user approves the request, which is designed to look like a valid token allowance request from a Web3 site, the wallet affected will be drained of all the USDT present.
This constitutes a double scam attack: Water Labbu steals the cryptocurrency from the targeted users and also uses the resources of the scam site, which previously has invested in several channels to…
