Scammers have used Google Ads to steal crypto currencies worth $500,000 in a matter of days, a new report by Check Point Research (CPR).
Scammers placed ads at the top of Google Search that imitate popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their wallet passphrase and private key.
“We witnessed the theft of hundreds of thousands of dollars worth of crypto. Over $500,000 worth of cyrpto was stolen this past weekend alone,” Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, said in a statement.
“We’re at the advent of a new cyber crime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,” Vanunu warned.
Scammers placed Google Ads at the top of Google Search that imitated popular wallets and platforms, such as Phantom App, MetaMask and Pancake Swap.
Each advertisement contained a malicious link that, once clicked, directed a victim into a phishing website that copied the brand and messaging of the original wallet website.
From here, the scammers tricked their victims into giving up their wallet passwords, setting the stage for wallet theft.
Traditionally, phishing campaigns originate in emails.
Multiple scamming groups are now bidding for wallet-related keywords on Google Ads, using Google Search as an attack vector to target victims’ crypto wallets, the report noted.
