Hackers Stolen Over $58 Million in Crypto Via Malicious Google and X Ads

Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time.

Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. 

Several techniques were used for draining, which include phishing ads, supply chain attacks, Airdrop phishing, DNS attacks, and many others. These attacks result in much loss for victims due to crypto wallet stealing. 

However, one wallet drainer has been used predominantly in over 60% of the phishing ads used by threat actors.

Google Search & Twitter (X) Ad Phishing

According to the reports shared with Cyber Security News, 10,072 phishing sites account for $58.98 million in crypto wallets draining from 63,210 victims. This particular wallet drainer was first detected in March and again at the end of April.

Source: ScamSniffer

As for Google Ad phishing, many campaigns were spotted that were related to Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. As of Twitter, the phishing ads were called “Ordinal Bubbles,” and all of them were using the same drainer.

Twitter ads (Source: ScamSniffer)

Ad Audit Bypass

To bypass the ad audits of these campaigns, threat actors have been using many methods, such as targeting specific regions, which will display the phishing page only to people from a specific region.

The page that can be seen when opening the link directly will be different from the one that is opened from the ad link.

In addition, redirect deception was also used in which the ad appears to be from the official domain, but the final redirected site is the phishing site.

The biggest victim of these phishing campaigns was a wallet address 0x13e382dfe53207e9ce2eeeab330f69da2794179e, which lost $24 million in September.

Drainer Analysis

The drainer, used in 60% of the phishing campaigns, was sold in a forum and is fully managed with a charge fee of 20%.

The sellers of this drainer share the source code and additional value-added modules to the drainer. 

Several features, such as adding a malicious signature for blur for phishing, will cost more and must be purchased from them. The developer of this drainer has been changed from pakulichev to Phishlab.

Furthermore, a complete report about these phishing campaigns and wallet drainers has been published, providing detailed information about the threat actors, the wallet drainers, and others.

It is recommended that users be extra cautious when viewing ads and be vigilant before entering their wallet details on a website.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Google Unveils New Intelligent, Real-Time Protections for Android Users

Google has once again raised the bar for mobile security by introducing two new AI-powered…

20 hours ago

Chinese National Faces 20 Years of Jail Time for Laundering Millions in Crypto

Daren Li, 41, a dual citizen of China and St. Kitts and Nevis, and a…

20 hours ago

Google to Issue CVEs for Critical Cloud Vulnerabilities

Google Cloud has announced a significant step forward in its commitment to transparency and security…

21 hours ago

GitLab Patches Critical Flaws Leads to Unauthorized Access to Kubernetes Cluster

GitLab has rolled out critical security updates to address multiple vulnerabilities in its Community Edition…

23 hours ago

Windows 0-Day Exploited in Wild with Single Right Click

A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows systems…

24 hours ago

Automating Identity and Access Management for Modern Enterprises

Keeping track of who has access and managing their permissions has gotten a lot more…

2 days ago