Researchers from Check Point Research explain that a growing number of scams targeting cryptocurrency holders are now using Google AdSense advertising inserts. The modus operandi is always the same: cybercriminals buy Google AdSense advertising inserts with a graphic charter that evokes the biggest exchanges like Phantom and MetaMask.
When the user clicks, he finds himself on a site designed both to give him confidence and to collect their wallet password as well as their private key. Once cybercriminals are in possession of this information, they can completely empty their victim’s wallet. Check Point estimates that the equivalent of more than $ 500,000 in cryptocurrency has already been stolen through this scheme.
Cybercriminals buy Google Ads ads to steal your crypto
The researchers therefore urge cryptocurrency holders to be extremely vigilant. Especially since the phenomenon seems to be progressing with worrying rapidity. Check Point explains, for example, that it detected many large sums of money going from the wallet of victims to those of cybercriminals just this weekend. Usually this type of phishing attempt starts with emails or links received by SMS.
Google is supposed to sort out purchase requests from advertising inserts – and therefore rule out these types of malicious ads. But obviously many groups of hackers seem to have found a method to bypass the firm’s radars. Until the problem is effectively resolved by Google and other advertising agencies, we must therefore no longer rely at all on advertising inserts around crypto.
Holders of Ether and Solana seem like prime targets at this time. “In the space of a few days, we witnessed the theft of hundreds of thousands of dollars in crypto. We estimate that over $ 500,000 worth of crypto was stolen during the past weekend alone. I believe we are at the start of a new trend in cybercrime with scams that rely on Google Search as the primary attack vector allowing them to reach crypto wallets, instead of performing more traditional phishing attempts via E-mail”, explains Oded Vanunu, leader of the vulnerabilities division at Check Point.
And the person in charge to continue: “What we observed is that each ad was given special attention in the choice of message and keywords, in order to stand out in the search results. The phishing sites to which victims were redirected were characterized by meticulous copying and imitation of wallet brand messages. And what is most alarming is that many scam groups are buying Google Ads keywords, which gives some idea of the success of these new phishing campaigns which aim to empty crypto wallets ”.
Oded Vanunu concludes: “Unfortunately, I expect this to turn into a major trend in cyber crime very quickly. I urge the crypto community to double-check clickable URLs and avoid clicking on crypto-related Google Ad ads at this time ”.
How can you protect yourself against these phishing attempts?
Check Point gives some tips to protect against these phishing attempts:
- Examine the URL: Most crypto platforms rely on an extension to manage wallets – is that an extension that shows in the address bar or a regular site?
- Check for an icon showing extensions to the left of the address bar (the icon looks like a puzzle piece)
- Never give out your wallet passwords. No serious site will ever ask you.
- Don’t click on any crypto-related ads – until Google steps in to prevent these phishing attempts.
Have you noticed the appearance of these weird crypto-related ads? Share your feedback in the comments!