Tuesday, October 15, 2024
HomeCyber Security NewsHackers Stolen Over $58 Million in Crypto Via Malicious Google and X...

Hackers Stolen Over $58 Million in Crypto Via Malicious Google and X Ads

Published on

Malware protection

Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time.

Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. 

Several techniques were used for draining, which include phishing ads, supply chain attacks, Airdrop phishing, DNS attacks, and many others. These attacks result in much loss for victims due to crypto wallet stealing. 

- Advertisement - SIEM as a Service

However, one wallet drainer has been used predominantly in over 60% of the phishing ads used by threat actors.

Google Search & Twitter (X) Ad Phishing

According to the reports shared with Cyber Security News, 10,072 phishing sites account for $58.98 million in crypto wallets draining from 63,210 victims. This particular wallet drainer was first detected in March and again at the end of April.

Source: ScamSniffer
Source: ScamSniffer

As for Google Ad phishing, many campaigns were spotted that were related to Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. As of Twitter, the phishing ads were called “Ordinal Bubbles,” and all of them were using the same drainer.

Twitter ads
Twitter ads (Source: ScamSniffer)

Ad Audit Bypass

To bypass the ad audits of these campaigns, threat actors have been using many methods, such as targeting specific regions, which will display the phishing page only to people from a specific region.

The page that can be seen when opening the link directly will be different from the one that is opened from the ad link.

In addition, redirect deception was also used in which the ad appears to be from the official domain, but the final redirected site is the phishing site.

The biggest victim of these phishing campaigns was a wallet address 0x13e382dfe53207e9ce2eeeab330f69da2794179e, which lost $24 million in September.

Drainer Analysis

The drainer, used in 60% of the phishing campaigns, was sold in a forum and is fully managed with a charge fee of 20%.

The sellers of this drainer share the source code and additional value-added modules to the drainer. 

Several features, such as adding a malicious signature for blur for phishing, will cost more and must be purchased from them. The developer of this drainer has been changed from pakulichev to Phishlab.

Furthermore, a complete report about these phishing campaigns and wallet drainers has been published, providing detailed information about the threat actors, the wallet drainers, and others.

It is recommended that users be extra cautious when viewing ads and be vigilant before entering their wallet details on a website.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...