A threat group called ‘Water Labbu’ hacks into cryptocurrency scam sites to hijack transactions and steal money from the fraudster’s victims.
Once victims connect their wallet to the fake dApp, Water Labbu’s script detects if it contains many cryptocurrencies, and if so, it attempts to steal using multiple methods.
The script used by the attacker monitors newly connected wallets on the scam sites. It also retrieves the address and accounts of TetherUSD and Ethereum wallets. Once the account balance is above 0.005 ETH or 22,000 USDT, the target is valid for Water Labbu, and the script then determines whether the victim is using Windows or a mobile OS (Android, iOS).
If the victim agrees to the transaction, the malicious script will empty the wallet of its funds and send them to an address owned by Labbu.
To avoid this crypto scam, it is important that users research dApp websites, especially liquidity mining platforms, to see if they are legitimate before connecting their wallets to them.
The sources for this piece include an article in BleepingComputer.