Researchers at Check Point Research have warned to scammers who use Google Ads to steal cryptocurrencies and that hundreds of thousands of dollars were stolen from scammers over the weekend alone.
Scammers place ads at the top of Google search that mimic popular cryptocurrency wallets, such as the Phantom App, MetaMask, and Pancake Swap, in an attempt to steal passwords for users ’wallets.
Scammers used Google Ads to direct users to fake cryptocurrency wallets. Check Point Research researchers estimate that approximately half a million dollars have been stolen from victims’ wallets in this way in the last few days alone.
Attackers buy Google Ads in response to a search for popular crypto wallets (software used to store cryptocurrencies). The ad at the top of the search results that appears above the actual search results contains a link that, if the user clicks on it without recognizing that it is an ad, leads the user to a phishing website that looks like the original wallet of the popular wallet. Then one of two scenarios happens: either the user enters his password (if he already has a wallet) that ends up in the attacker’s hands, or if he tries to create a new wallet he is told to use a recovery password that actually logs him into a wallet controlled by the attacker. not his own. “It simply came to our notice then [korisnici] transfer any funds, the attacker will get it immediately “, say the researchers.
As with phishing scams, attackers rely on making their fake login pages look as real as possible. In this case, attackers use fake URLs to deceive users, directing them to phanton.app, phantonn.app or phantom.pw, for example, instead of the correct phantom.app. It is similar with other lures to direct users to fake cryptocurrency wallets, including PancakeSwap and UniSwap.
CPR researchers say that they noticed that something was happening after they saw users complaining about their losses on Reddit and other forums. By crossing the user’s report, they estimated that “at least half a million dollars” were stolen during the weekend alone.
CPR found 11 compromised wallet accounts, each containing between $ 1,000 and $ 10,000. The fraudsters withdrew part of the funds before the CPR discovered the fraud.
“I believe we are at the beginning of a new trend in cybercrime, where fraudsters will use Google search as the primary vector of attack to reach crypto wallets, instead of traditional email phishing,” said Oded Vanunu, a CRP researcher. “Unfortunately, I expect this to quickly become a growing trend in cybercrime. I strongly urge the crypto community to double-check the URLs they click on and not click on Google Ads related to crypto wallets at this time. “
Source: Informacija.rs by www.informacija.rs.
*The article has been translated based on the content of Informacija.rs by www.informacija.rs. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!