Hackers Used Google Ads To Steal Cryptocurrencies Worth $500K
Cybercriminals have used Google Ads to steal cryptocurrencies worth $500,000 in a matter of days.
According to the report by Check Point Research (CPR), scammers are placing ads at the top of Google Search that imitates popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their wallets passphrase and private key.
“In a matter of days, we witnessed the theft of hundreds of thousands of dollars worth of crypto. We estimate that over $500k worth of crypto was stolen this past weekend alone,” Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, said in a statement.
“I believe we’re at the advent of a new cybercrime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,” Vanunu warned.
To lure their victims, scammers placed Google Ads at the top of Google Search that imitated popular wallets and platforms, such as Phantom App, MetaMask, and Pancake Swap.
Each advertisement contained a malicious link that, once clicked, directed a victim into a phishing website that copied the brand and messaging of the original wallet website.
From here, the scammers tricked their victims into giving up their wallet passwords, setting the stage for wallet theft.
Traditionally, phishing campaigns originate in emails.
In what appears to be a new trend, multiple scamming groups are now bidding for wallet-related keywords on Google Ads, using Google Search as an attack vector to target victims’ crypto wallets, the report noted.
The crypto industry in India claims to have over 10 crore users with an investment of over Rs 6 lakh crore, making it a major asset class.