In a world where fraudsters are rampant and seemingly obsessed with hacking innocent parties, like the Costa Rican healthcare system, to hold their data ransom for crypto capital, we almost got excited when we heard about malware catching fraudsters before they could profit from their misdeeds. Unfortunately, it’s not all good news.
Trend Micro outlines in a recent post a parasitic threat actor the company just discovered. It has been named Water Labbu, potentially as a nod to a Mesopotamian lion-dragon-like mythological creature designed by the god Enlil to wipe out the plague that humanity had become. The rest of the gods ended up cowering before it, and he finally sent someone to kill the beast, which took three years, three months and a day to bleed out.
The more you know…
Water Labbu (the malicious actor, not the creature) has targeted cryptocurrency scam websites, piggybacking on the social engineering tactics many crypto scammers use, such as convincing people to hand over passwords, to beat the would-be scammers to it.
It hides behind the guise of a decentralized application (DApp), infects the crypto scammers’ websites, and waits for a victim whose crypto wallet is overflowing to connect to the website. It then requests permission from the original scammer to transfer an ungodly amount of USD Tether (USDT) from their target, making itself appear less threatening by hiding behind the DApp mask.
“If the victim loads the script from a mobile device using Android or iOS,” the report notes, “it returns the first-stage script with cryptocurrency theft capabilities.”
“If the victim loads the script from a desktop running Windows, it returns another script that displays a fake Flash Player update message asking the victim to download a malicious executable.”
If the scammer accepts the permissions without reading them properly, the script essentially allows Water Labbu to cut in on the scammer’s wrongdoing, make them the victim, and empty their wallet. So far, Trend Micro reports that over $300,000 has been stolen in this parasitic fashion, from at least nine victims.
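The permission request described above is the step a wallet holder can check before signing. The following is an added example, not code from Trend Micro or from this article: it assumes the request is a standard ERC-20 `approve(address,uint256)` call and that USDT uses 6 decimals, and the function names, addresses and thresholds are hypothetical.

```javascript
// Added example: flag token-approval requests that grant far more than the user intends to spend.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode approve(address spender, uint256 amount) calldata; returns null for anything else.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // Expect the selector (8 hex chars) followed by two 32-byte words (64 hex chars each).
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 8 + 64 * 2) return null;
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  // An address is the low 20 bytes of the word; the high 12 bytes must be zero padding.
  if (!/^0{24}/.test(spenderWord)) return null;
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Compare the requested allowance with what the user expects to spend (token base units).
function reviewApproval(calldata, expectedSpend, knownSpenders = new Set()) {
  const call = decodeApprove(calldata);
  if (call === null) return { verdict: "not-an-approval", reasons: [] };
  const reasons = [];
  if (call.amount === MAX_UINT256) reasons.push("unlimited allowance");
  else if (call.amount > expectedSpend * 10n) reasons.push("allowance far exceeds expected spend");
  if (!knownSpenders.has(call.spender)) reasons.push("spender not on allowlist");
  return { verdict: reasons.length ? "warn" : "ok", reasons, ...call };
}

// Constructed sample inputs (placeholder addresses, not indicators from the report).
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const ROUTER = "0x" + "11".repeat(20);  // hypothetical spender the user already trusts
const UNKNOWN = "0x" + "ee".repeat(20); // hypothetical unrecognised spender
const build = (spender, amount) =>
  "0x" + APPROVE_SELECTOR + pad(spender) + pad(amount.toString(16));

const samples = {
  modest: build(ROUTER, 50000000n),       // 50 USDT at 6 decimals
  unlimited: build(UNKNOWN, MAX_UINT256), // the "ungodly amount" case
};

for (const [name, data] of Object.entries(samples)) {
  const r = reviewApproval(data, 50000000n, new Set([ROUTER]));
  console.log(name, r.verdict, r.reasons.join("; "));
}
```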
And while there’s always a part of me that loves to hear about scammers getting away with it, their original victims are still victims here. I haven’t heard anything about Water Labbu’s managers going all Robin Hood and paying the money back, at least not yet.
Until then, I’m not even sure it’s worthy of the epic Mesopotamian beast name; less of a mighty, world-ending dragon that strikes fear even in the gods themselves, more like a crypto tapeworm.