Google and X ads are the new weapon for crypto scammers


Crypto scammers pose a serious threat to users. Their harmful programs unlawfully take cryptocurrency from victims' wallets using various tactics, such as launching campaigns, creating deceptive websites, making connections to wallets, interacting with smart contracts, transferring assets, and using obfuscation.

To break it down, a crypto drainer is a harmful program designed to swipe cryptocurrency from your wallet. It works by fooling you into approving transactions that allow the attacker to move your funds elsewhere, often without your knowledge or consent.

Scam Sniffer, a provider of anti-scam solutions, found a series of attacks by crypto drainer malware that stole around $59 million from 63,210 victims. This was done by embedding a wallet drainer called MS Drainer in Google searches and X (formerly Twitter) ads. The attack campaign uses malicious ads on Google and X to redirect users to phishing pages.

Unwitting users click on ads related to common keywords from the DeFi world. These ads can get past ad audits and use redirect deception, targeting specific regions. Thousands of phishing sites using drainers were discovered between March 2023 and today, with increased activity in May, June, and November.

These sites were promoted on Google Search by exploiting Google's tracking template. Ads on X were more common, promoting NFT airdrops and new token launches on sites with drainers that steal funds from users' wallets.

Researchers tracked 10,072 phishing websites and found that 60% of ads on X directed users to malware designed to steal cryptocurrency. MS Drainer is available on a Dark Web forum, and unlike other malware where developers charge a 20% fee, its source code is directly sold to customers.

On December 22, Check Point Research (CPR) published research highlighting a worrying increase in sophisticated phishing attacks targeting various blockchain networks using crypto wallet-draining techniques. These attacks targeted Ethereum, Binance Smart Chain, Polygon, Avalanche, and almost 20 other networks.

CPR connected the attacks to Angel Drainer, a group known for its involvement in cyberattacks in the cryptocurrency space. Despite the shutdown of similar groups like Inferno Drainer, which helped steal over $80 million in cryptocurrency, Angel Drainer continues to operate.



Attackers create fake airdrops or phishing campaigns that offer free tokens to attract users. They redirect users to a fake website that requires a wallet connection. Users are then tricked into interacting with smart contracts designed to steal tokens, unwittingly giving attackers access to their funds.

Attackers use methods like mixers or multiple transfers to cash out stolen assets. Permission in ERC-20 tokens allows token holders to approve spenders to transfer tokens without on-chain transactions. However, if a user is tricked, the attacker can transfer funds without leaving a trace on the blockchain.
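The off-chain approval described above can be caught at the moment the wallet is asked to sign. The following is an added example, not part of the original article or of CPR's or Scam Sniffer's tooling: a wallet-side check that flags a typed-data signing request granting a token allowance. It assumes the approval is an EIP-2612 Permit message; the function name, the allowlist and every address and value are constructed for illustration.

```javascript
// Added example: review an EIP-712 signing request before the wallet signs it.
// Assumption: the off-chain approval is an EIP-2612 Permit message
// (owner, spender, value, nonce, deadline). All sample values are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const THIRTY_DAYS = 30n * 86400n;

function reviewSigningRequest(request, trustedSpenders, nowSeconds) {
  let req;
  try {
    req = typeof request === "string" ? JSON.parse(request) : request;
  } catch {
    return { isPermit: false, block: true, reasons: ["unparseable signing request"] };
  }
  if (!req || !req.message || req.primaryType !== "Permit") {
    return { isPermit: false, block: false, reasons: [] };
  }
  const reasons = ["signature grants a token allowance without an on-chain approval"];
  const spender = String(req.message.spender || "").toLowerCase();
  const trusted = trustedSpenders.some((a) => a.toLowerCase() === spender);
  if (!trusted) reasons.push("spender is not on the allowlist: " + spender);
  let value, deadline;
  try {
    value = BigInt(req.message.value);
    deadline = BigInt(req.message.deadline);
  } catch {
    reasons.push("value or deadline is not an integer");
    return { isPermit: true, block: true, reasons };
  }
  if (value >= MAX_UINT256 / 2n) reasons.push("allowance is effectively unlimited");
  if (deadline - BigInt(nowSeconds) > THIRTY_DAYS) reasons.push("deadline is over 30 days away");
  return { isPermit: true, block: !trusted, reasons };
}

// Constructed request (the EIP-712 "types" field is omitted for brevity):
// unknown spender, maximum value, deadline in the year 2100.
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
    verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: {
    owner: "0x2222222222222222222222222222222222222222",
    spender: "0x3333333333333333333333333333333333333333",
    value: MAX_UINT256.toString(), nonce: "0", deadline: "4102444800",
  },
};
const TRUSTED_SPENDERS = ["0x4444444444444444444444444444444444444444"]; // hypothetical allowlist
console.log(reviewSigningRequest(SAMPLE_REQUEST, TRUSTED_SPENDERS, 1703203200));
```

A request that is blocked here never produces a signature, so there is nothing for a spender to submit later.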

CPR and Scam Sniffer recommend that the advertising industry take steps to prevent malicious ads from reaching innocent users. They urge consumers and users to be cautious when opening links in online ads. Scam Sniffer emphasized the need for ad platforms to improve their verification processes to prevent malicious actors from exploiting their services.

