Wednesday, June 19, 2024

Hackers Stolen Over $58 Million in Crypto Via Malicious Google and X Ads

Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time.

Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. 

Several techniques were used for draining, which include phishing ads, supply chain attacks, Airdrop phishing, DNS attacks, and many others. These attacks result in much loss for victims due to crypto wallet stealing. 

However, one wallet drainer has been used predominantly in over 60% of the phishing ads used by threat actors.

Google Search & Twitter (X) Ad Phishing

According to the reports shared with Cyber Security News, 10,072 phishing sites account for $58.98 million in crypto wallets draining from 63,210 victims. This particular wallet drainer was first detected in March and again at the end of April.

Source: ScamSniffer
Source: ScamSniffer

As for Google Ad phishing, many campaigns were spotted that were related to Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. As of Twitter, the phishing ads were called “Ordinal Bubbles,” and all of them were using the same drainer.

Twitter ads
Twitter ads (Source: ScamSniffer)

Ad Audit Bypass

To bypass the ad audits of these campaigns, threat actors have been using many methods, such as targeting specific regions, which will display the phishing page only to people from a specific region.

The page that can be seen when opening the link directly will be different from the one that is opened from the ad link.

In addition, redirect deception was also used in which the ad appears to be from the official domain, but the final redirected site is the phishing site.

The biggest victim of these phishing campaigns was a wallet address 0x13e382dfe53207e9ce2eeeab330f69da2794179e, which lost $24 million in September.

Drainer Analysis

The drainer, used in 60% of the phishing campaigns, was sold in a forum and is fully managed with a charge fee of 20%.

The sellers of this drainer share the source code and additional value-added modules to the drainer. 

Several features, such as adding a malicious signature for blur for phishing, will cost more and must be purchased from them. The developer of this drainer has been changed from pakulichev to Phishlab.

Furthermore, a complete report about these phishing campaigns and wallet drainers has been published, providing detailed information about the threat actors, the wallet drainers, and others.

It is recommended that users be extra cautious when viewing ads and be vigilant before entering their wallet details on a website.


Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles