Hackers are breaching scam sites to hijack crypto transactions
In a perfect example of there being no honor among thieves, a threat actor named 'Water Labbu' is hacking into cryptocurrency scam sites to inject malicious JavaScript that steals funds from the scammer's victims.
In July, the FBI warned of scam 'dApps' that impersonated cryptocurrency liquidity mining services but, in reality, stole a victim's crypto investments.
Instead of creating their own scam sites, Water Labbu hacks into these types of fake dApp sites and injects JavaScript code into the site's HTML. The hackers do not engage with the victims and instead leave all the social engineering work to the scammers.
The script monitors newly connected wallets on the scam sites and retrieves the address and balances of TetherUSD and Ethereum wallets.
For Windows users, the hacked sites will show a fake Flash Player update notice overlaid on the scam site instead. The Flash installer is, in reality, a backdoor fetched directly from GitHub.
Periodically review your wallet's allowed sites to make sure you did not inadvertently add a scam site.