Parasitic malware tricks crypto scammers into doing the hard work for them
Hodl the phone, where did all my stolen crypto go?
In a world where scammers are rife, and seemingly obsessed with hacking innocent parties—like the Costa Rican healthcare system—in order to hold their data ransom for crypto capital, we almost got excited when we heard about malware that intercepted scammers before they could profit from their misdeeds. Unfortunately, it's not all good news.
In a recent post, Trend Micro outlines a parasitic threat actor the company just discovered. It's been named Water Labbu, potentially as a nod to a Mesopotamian lion-dragon-like mythological creature designed by the God Enlil to wipe out the nuisance that humanity had become. The rest of the Gods ended up cowering before it and he finally sent someone to slay the beast, which took three years, three months, and a day to bleed out.
The more you know...
Water Labbu (the malicious actor, not the creature) had been targeting problematic cryptocurrency scam websites, piggybacking off the social engineering tactics many crypto scammers use, such as convincing people to hand over passwords, etc., in order to turn the tables on would-be scammers.
It would hide behind the guise of a decentralised application (DApp) and infect the crypto scammers' websites, waiting for a victim whose crypto wallet was overflowing to connect to the site. It then asks for permission from the original scammer to transfer an ungodly amount of USD Tether (USDT) from their target, making itself seem less threatening by hiding behind the DApp mask.
"If the victim loads the script from a mobile device using Android or iOS," the report notes, "it returns the first stage script with cryptocurrency-theft capabilities."
"If the victim loads the script from a desktop running Windows, it returns another script showing a fake Flash Player update message asking the victim to download a malicious executable file."
If the scammer accepts the permissions without reading them properly, the script essentially allows Water Labbu to intercept the scammer in their wrongdoings, turning them into the victim and draining their wallet. So far, Trend Micro reports that over $300,000 has been stolen in this parasitic manner, from at least nine victims.
And while there's always a part of me that loves to hear of scammers getting their comeuppance, their original victims are still victims here. I've heard nothing about Water Labbu's stewards going all Robin Hood and paying the money back, at least not yet.
Until then I'm not even sure it's worthy of the epic Mesopotamian beast's name; less of a mighty, world-ending dragon that instils fear even in the Gods themselves, more like a crypto tapeworm.

Having been obsessed with game mechanics, computers and graphics for three decades, Katie took Game Art and Design up to Masters level at uni and has been writing about digital games, tabletop games and gaming technology for over five years since. She can be found facilitating board game design workshops and optimising everything in her path.

