From phishing links to malware, these cryptocurrency drainers are being pushed to victims through Google Ads and ads on X (formerly Twitter).
Wallet drainers pose a major threat to cryptocurrency users. These malicious programs chain several steps to move funds out of victims' wallets illegitimately: launching an ad campaign, setting up deceptive websites, getting the victim to connect a wallet, interacting with smart contracts, transferring the assets out, and concealing the proceeds.
For reference, a cryptocurrency drainer (or stealer) is a type of malicious program designed to empty wallets. It works by tricking users into approving transactions or signing messages, which lets the attacker transfer funds without the user's knowledge or consent.
Anti-fraud solution provider Scam Sniffer discovered a series of wallet-draining attacks that stole approximately $59 million from 63,210 victims by promoting phishing pages loaded with a drainer kit called MS Drainer through Google Search and X (formerly Twitter) ads. The campaign uses malicious ads on both platforms to redirect users to phishing pages.
An unsuspecting user clicks an ad tied to a common DeFi keyword. The ads evade ad review, use redirect tricks, and target specific regions. From March 2023 onward, Scam Sniffer found thousands of phishing sites using the drainer, with spikes in activity in May, June, and November.
These sites were promoted on Google Search by abusing Google's tracking templates. Ads on X were more generic, promoting NFT airdrops and new token launches on sites where a drainer steals funds from any wallet that connects.
Researchers monitored 10,072 phishing websites and found that 60% of the ads on X led to sites that drain cryptocurrency wallets. MS Drainer is sold on dark web forums with its source code handed directly to buyers, unlike most drainer kits, whose developers instead take a 20% cut of the stolen funds.
In a study announced on December 22, Check Point Research (CPR) highlighted an alarming rise in sophisticated phishing attacks that drain cryptocurrency wallets across roughly 20 blockchain networks, including Ethereum, Binance Smart Chain, Polygon, and Avalanche.
CPR attributed the activity to Angel Drainer, a group known for its involvement in cryptocurrency-focused cyberattacks. Despite the shutdown of similar groups such as Inferno Drainer, which helped steal over $80 million in cryptocurrency, Angel Drainer remains active. The attackers create fake airdrops and phishing campaigns that lure users with free token offers, redirect them to a fraudulent website, and ask them to connect their wallet.
Users are then lured into interacting with smart contracts designed to steal their tokens, unknowingly giving the attackers access to their funds. The attackers launder the proceeds through mixers and chains of transfers. The ERC-20 permit extension (EIP-2612) lets a token holder authorize a spender with an off-chain signature instead of an on-chain approve transaction. A user tricked into signing such a message has granted the attacker an allowance without sending any transaction, so nothing appears in the victim's own transaction history until the attacker's subsequent transferFrom call moves the funds.
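As an added example (not code from Scam Sniffer, Check Point, or any wallet vendor), the checks below show what a wallet or browser extension could run on the two requests a drainer page depends on: an on-chain approve/increaseAllowance/setApprovalForAll transaction and an off-chain EIP-2612 Permit signature request. The function selectors are the standard ones; the allowlist of trusted spenders, every address, and the two sample requests are constructed placeholders.

```python
"""Inspect drainer-style wallet requests and report why a user should refuse them.
Added example, not code from Scam Sniffer, Check Point or any wallet vendor.
"""
import json
import time

UINT256_MAX = 2**256 - 1
ONE_YEAR = 365 * 24 * 3600

# Standard 4-byte selectors: the first four bytes of keccak256(signature).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}


def abi_words(arg_hex):
    """Split ABI-encoded argument data into complete 32-byte (64 hex char) words."""
    return [arg_hex[i:i + 64] for i in range(0, len(arg_hex) - 63, 64)]


def assess_transaction(tx, trusted):
    """Findings for an eth_sendTransaction request; an empty list means nothing suspicious."""
    data = tx.get("data", "0x").lower().removeprefix("0x")
    sig = SELECTORS.get(data[:8])
    if sig is None:
        return []                      # plain value transfer or an unrelated call
    words = abi_words(data[8:])
    if len(words) < 2:
        return [f"{sig}: malformed calldata"]
    counterparty = "0x" + words[0][-40:]   # address sits in the low 20 bytes of the word
    amount = int(words[1], 16)
    findings = []
    if sig.startswith("setApprovalForAll"):
        if amount == 1 and counterparty not in trusted:
            findings.append(f"{sig}: operator {counterparty} gains every token in {tx.get('to')}")
    else:
        if counterparty not in trusted:
            findings.append(f"{sig}: spender {counterparty} is not an approved contract")
        if amount == UINT256_MAX:
            findings.append(f"{sig}: unlimited allowance")
    return findings


def assess_typed_data(typed, trusted, now=None):
    """Findings for an eth_signTypedData_v4 request; only EIP-2612 Permit messages matter here."""
    if isinstance(typed, str):          # wallets receive the typed data as a JSON string
        typed = json.loads(typed)
    if typed.get("primaryType") != "Permit":
        return []
    now = time.time() if now is None else now
    msg = typed["message"]
    token = typed.get("domain", {}).get("verifyingContract", "<unknown token>")
    spender, value, deadline = msg["spender"].lower(), int(msg["value"]), int(msg["deadline"])
    findings = []
    if spender not in trusted:
        findings.append(f"Permit on {token}: spender {spender} is not an approved contract")
    if value == UINT256_MAX:
        findings.append(f"Permit on {token}: unlimited allowance")
    if deadline > now + ONE_YEAR:
        findings.append(f"Permit on {token}: deadline {deadline} never expires in practice")
    return findings


def review_request(request, trusted, now=None):
    """Dispatch a JSON-RPC wallet request to the matching check."""
    trusted = {a.lower() for a in trusted}
    method, params = request["method"], request["params"]
    if method == "eth_sendTransaction":
        return assess_transaction(params[0], trusted)
    if method in ("eth_signTypedData", "eth_signTypedData_v4"):
        return assess_typed_data(params[1], trusted, now)   # params[0] is the signer
    return []


# Constructed sample requests; every address below is a placeholder, not a real contract.
def pad_address(addr): return addr.lower().removeprefix("0x").rjust(64, "0")
def pad_uint(n): return f"{n:064x}"

VICTIM = "0x" + "a" * 40
TOKEN = "0x" + "c" * 40
TRUSTED_ROUTER = "0x" + "1" * 40          # hypothetical allowlisted DEX router
DRAINER = "0x" + "0" * 37 + "bad"          # hypothetical drainer contract

APPROVE_REQUEST = {
    "method": "eth_sendTransaction",
    "params": [{"from": VICTIM, "to": TOKEN,
                "data": "0x095ea7b3" + pad_address(DRAINER) + pad_uint(UINT256_MAX)}],
}
PERMIT_REQUEST = {
    "method": "eth_signTypedData_v4",
    "params": [VICTIM, json.dumps({
        "primaryType": "Permit",
        "domain": {"name": "Example Token", "version": "1", "chainId": 1, "verifyingContract": TOKEN},
        "message": {"owner": VICTIM, "spender": DRAINER, "value": str(UINT256_MAX),
                    "nonce": "0", "deadline": str(UINT256_MAX)},
    })],
}
```

Running `review_request(APPROVE_REQUEST, [TRUSTED_ROUTER])` reports an unknown spender and an unlimited allowance; the permit request additionally reports a deadline that never expires. The permit branch is the point the paragraph above makes: the victim signs a typed-data message, not a transaction, so the grant is invisible in their wallet history, and inspecting the message before it is signed is the only place to catch it.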
CPR and Scam Sniffer are calling on the advertising industry to prevent malicious ads from reaching innocent users, and for consumers and users to be careful when opening links in online ads.
“Advertising platforms need to strengthen their verification processes to prevent malicious actors from abusing their services,” Scam Sniffer said.
Related articles
- Google Ads Malware Wipes NFT Influencer’s Crypto Wallet
- ALPHV (BlackCat) ransomware uses Google Ads to target victims
- Fake Brave browser website drops malware thanks to Google ads
- Google Ads Drop FatalRAT Malware from Fake Messenger and Browser Apps
- Google Drive accounted for 50% of malicious Office document downloads