Parasitic malware tricks crypto scammers into doing the hard work for them

A dragon. Not a Mesopotamian one, but a dragon nonetheless.
(Image credit: Doug McKinlay)

In a world where scammers are rife, and seemingly obsessed with hacking innocent parties—like the Costa Rican healthcare system—in order to hold their data ransom for crypto capital, we almost got excited when we heard about malware that intercepted scammers before they could profit from their misdeeds. Unfortunately, it's not all good news.

Trend Micro outlines in a recent post a parasitic threat actor the company just discovered. It's been named Water Labbu, potentially as a nod to a Mesopotamian lion-dragon-like mythological creature designed by the God Enlil to wipe out the nuisance that humanity had become. The rest of the Gods ended up cowering before it and he finally sent someone to slay the beast which took three years, three months, and a day to bleed out.

The more you know...

Water Labbu (the malicious actor, not the creature) had been targeting problematic cryptocurrency scam websites, piggybacking off the social engineering tactics many crypto scammers use, such as convincing people to hand over passwords, etc, in order to turn the tables on would-be scammers.

It would hide behind the guise of a decentralised application (DApp) and infect the crypto scammers' websites, waiting for a victim whose crypto wallet was overflowing to connect to the site. It then asks for permission from the original scammer to transfer an ungodly amount of USD Tether (USDT) from their target, making itself seem less threatening by hiding behind the DApp mask.

"If the victim loads the script from a mobile device using Android or iOS," the report notes, "it returns the first stage script with cryptocurrency-theft capabilities."

"If the victim loads the script from a desktop running Windows, it returns another script showing a fake Flash Player update message asking the victim to download a malicious executable file."

Trend Micro's explanation of the parasitic Water Labbu process.

(Image credit: Trend Micro)
Your next upgrade

(Image credit: Future)

Best CPU for gaming: The top chips from Intel and AMD
Best gaming motherboard: The right boards
Best graphics card: Your perfect pixel-pusher awaits
Best SSD for gaming: Get into the game ahead of the rest

If the scammer accepts the permissions without reading them properly, the script essentially allows Water Labbu to intercept the scammer in their wrongdoings, turning them into the victim and draining their wallet. So far, Trend Micro reports that over $300,000 has been stolen in this parasitic manner, from at least nine victims.

And while there's always a part of me that loves to hear of scammers getting their comeuppance, their original victims are still victims here. I've heard nothing about Water Labbu's stewards going all Robin Hood and paying the money back, at least not yet. 

Until then I'm not even sure it's worthy of the epic Mesopotamian beast's name; less of a mighty, world-ending dragon that instils fear even in the Gods themselves, more like a crypto tapeworm. 

Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been rambling about games, tech and science—rather sarcastically—for four years since. She can be found admiring technological advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. Right now she's waiting patiently for her chance to upload her consciousness into the cloud.

Read more
Hacker
$1.5 billion crypto heist could be the biggest yet, more than doubling the previous record, but don't worry: The affected firm says it can take the hit
A computer screen with program code warning of a detected malware script program. 3d illustration
Second Steam listing this year found hiding 'new and clever' malware. This time through a fake demo link on developer's website
Nvidia RTX 4090 Founders Edition graphics card
A single RTX 4090 managed to brute force crack an Akira ransomware attack in just 7 days
Steam logo
A web3 free-to-play survival game found to be a front for installing malware on your PC has finally been removed from Steam
Team Fortress Spy being shocked
An FPS studio pulled its game from Steam after it got caught linking to malware disguised as a demo, but the dev insists it was actually the victim of a labyrinthine conspiracy
Three Magikarp Pokémon
The FBI used self-destruct on malware infecting over 4,000 US computers, it's super effective
Latest in Hardware
A Gigabyte RTX 5070 Ti Eagle OC Ice on a desk and installed in a gaming PC.
Gigabyte GeForce RTX 5070 Ti Eagle OC Ice SFF review
A late afternoon view shows two young women walking past a wall-sized anime mural along Chuo-dori (Central Avenue) in the Akihabara district (known as Electric Town for its maze of electronics stores, but currently considered an almost sacred destination by members of Japan's otaku culture, drawn to Akihabara's video game centers, maid cafes, anime shops, and manga comics), located in Chiyoda Ward in central Tokyo, Japan.
OpenAI's GPT-4o model gets image generation update for all of your anime-style selfie needs
A Nacon Rig Streamstar M2 microphone on white gravel, shot in 3/4 profile
Nacon Rig M2 Streamstar review
1X Technologies humanoid robot, the Neo Gamma, standing alongside Nvidia CEO Jensen Huang. Huang is wearing an ERL-made studded leather jacket.
Humanoid robot Neo Gamma gifts Nvidia CEO a studded leather jacket and may even be able to one day wash up a cup without dropping it
Razer Blade 16 (2025) gaming laptop
Nvidia RTX 5090 mobile tested: The needle hasn't moved on performance but this is the first time I'd consider ditching my desktop for a gaming laptop
A woman wearing a VR headset with dramatic, colourful lighting across the background
'World’s smallest LEDs' could lead to accurately lit screens with 127,000 pixels per inch and much more immersive VR
Latest in News
A screenshot from SaGa Frontier 2, showing one of the protagonists wandering through a quaint fantasy village
One of Square Enix' most underrated PlayStation-era JRPGs just shadow dropped on Steam
The titular character from Princess Mononoke is depicted riding the wolf goddess Moro and carrying a spear.
Studio Ghibli AI image trend floods social media, cheered on by OpenAI and denounced by critics as an insult to Hayao Miyazaki
Marvel Rivals tier list - Wolverine
Marvel Rivals director says a future patch will reduce the shooter's insatiable hunger for RAM: 'It's a very big problem'
Hogwarts Legacy potions professor holding a potion
An unannounced Hogwarts Legacy expansion and 'definitive edition' have reportedly been cancelled
Story of Seasons - A cahacter in a purple tuxedo stands outside in a town square talking to the player
Story of Seasons is doing another Harvest Moon remake and it might be the best the series has ever looked
Assassin's Creed Shadows change seasons - An upper-body shot of Yasuke looking cheerfully up into the distance.
Assassin's Creed Shadows puts up the 'second highest day-one sales revenue in Assassin's Creed franchise history'