A new campaign is circulating online that abuses Google Ads in an attempt to steal cryptocurrency from ignorant victims, according to a new report from Check Point Research. Over the weekend, the security firm observed hundreds of thousands of US dollars worth of cryptocurrency stolen by criminals from users' cryptocurrencies. Although criminals traditionally use email to launch their phishing campaigns, in one case, they have put Google Ads at the top of Google search by mimicking popular crypto wallets and platforms, including Phantom App, MetaMask, and Pancake. . Swap, to attract its victims. At the same time, multiple sets of scammers are now bidding on wallet-related keywords in Google Ads and using Google search as an attack vector to target victims' crypto wallets. Each of the fake ads used in the campaign contains a malicious link that, when clicked, directs victims to a phishing site that copies the branding and messaging of the original crypto wallet site. From there, criminals trick their victims into giving up their wallet passwords in order to steal their content.
Compromised crypto wallets
When a victim accesses scammers' fake sites, they either try to steal their passcode sentence if they already have a crypto wallet with the service or provide a new passcode sentence for those who create one wallet at a time. first. Either way, the criminals have access to the victim's crypto wallet and can then steal their cryptocurrencies. Check Point found eleven compromised wallet accounts, each with between €XNUMX and €XNUMX in cryptocurrency. However, crossing Reddit discussion boards where victims reported having their crypto wallet funds stolen, the company estimates that more than €XNUMX was stolen in the last weekend alone. Check Point's Head of Product Vulnerability Research, Oded Vanunu, provided background information in a weblog post about how scammers are now using Google Ads in Google Search to serve their phishing campaigns, stating: “In our observation, each ad had a cautionary message and a selection of keywords to highlight in the search results. The phishing sites that the victims were directed to reflected a copy and also careful imitation of the messages of the wallet brand. And most worryingly, multiple sets of scammers are bidding for keywords in Google Ads, which is surely a sign of the success of these new phishing campaigns that aim to steal crypto wallets. Unfortunately, I expect this to become a rapidly developing trend in cybercrime. I strongly urge the crypto community to check the URLs they click on and avoid clicking on Google ads related to crypto wallets now. To avoid falling victim to this and similar scams, Check Point advises that users carefully scrutinize each and every URL they visit in their browsers, avoid crypto ads, as they could be fake, and never reveal your password. to absolutely no one online. Looking for more shelter online? Check out our roundups for the best password manager and identity theft protection.