Cryptocurrency scam sites compromised for crypto theft

BleepingComputer reports that malicious decentralized applications or cryptocurrency scam sites are being targeted by a threat actor dubbed "Water Labbu" to exfiltrate funds stolen from scam victims. At least 45 scam websites have already been infiltrated by Water Labbu, which has amassed at least $316,728 in profits, through an attack involving malicious JavaScript injection, according to a Trend Micro report. "In one of the cases we analyzed, Water Labbu injected an IMG tag to load a Base64- encoded JavaScript payload using the onerror event, in what is known as an XSS evasion technique, to bypass Cross-Site Scripting (XSS) filters. The injected payload then creates another script element that loads another script from the delivery server tmpmeta[.]com," said Trend Micro. Both Ethereum and TetherUSD addresses and balances are being retrieved by the script as it scans wallets on the scam sites, with balances more than 0.005 ETH or 22,000 USDT being targeted for exfiltration by Water Labbu.