Nov. 10— After observing the disappearance of hundreds of thousands of dollars’ worth of cryptocurrency from victims, researchers are warning of Google Ads scams used to steal crypto wallets.
Google Ads scams
In recent weeks, scammers have placed Google Ads at the top of Google Search, which mimicked popular crypto wallets and platforms; from Phantom App to Pancake Swap. Within each ad, hackers had embedded a malicious link. Victims who clicked on the link would then see a phishing site designed to look nearly identical to the original wallet website.
Once victims were on the site, scammers tricked victims into revealing wallet passwords. Hackers then used the passwords for wallet theft.
In the past, phishing scams were largely relegated to communication forms like email or text messages. In what is emerging as a new trend, multiple hacker groups appear to be competing for wallet-related keywords on Google Ads. At the same time, these hackers are turning Google Search into an attack vector.
How the Google Ads scam works
- Scammers launch a Google Ad that appears as the first Google result when users type in a query related to crypto wallets.
- Victims accidentally click on the malicious link associated with the ad.
- A fake website steals passwords or provides a new passphrase for a newly created cryptocurrency wallet.
- Regardless of method, the scammer can access your crypto wallet and can potentially steal all cryptocurrency.
Identifying the Google Ads scams
Regarding the domain “Phantom.app,” researchers encountered phishing variants like phantom.app or phantonn.app or similar extensions with “.pw,” among others.
As noted previously, each malicious link leads to a phishing website.
Thus far, researchers have identified 11 compromised wallet accounts, each of which contains between $1K and $10K. Scammers have withdrawn funds, and more than $500k has disappeared.
“In a matter of days, we witnessed the theft of hundreds of thousands of dollars worth of crypto. We estimate that over $500k worth of cyrpto was stolen this past weekend alone. I believe we’re at the advent of a new cyber crime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,” said Head of Product Vulnerabilities with Check Point Software, Oded Vanunu.