Scammers have used Google Ads to steal cryptocurrencies worth $500,000 in a matter of days, a new report showed on Monday, even as cryptocurrencies witness rapid adoption across the world, especially in India.
According to the report by Check Point Research (CPR), scammers are placing ads at the top of Google Search that imitate popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their wallet passphrase and private key.
“In a matter of days, we witnessed the theft of hundreds of thousands of dollars worth of crypto. We estimate that over $500k worth of cyrpto was stolen this past weekend alone,” Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, said in a statement.
“I believe we’re at the advent of a new cyber crime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,” Vanunu warned.
To lure their victims, scammers placed Google Ads at the top of Google Search that imitated popular wallets and platforms, such as Phantom App, MetaMask and Pancake Swap.
Each advertisement contained a malicious link that, once clicked, directed a victim into a phishing website that copied the brand and messaging of the original wallet website.
From here, the scammers tricked their victims into giving up their wallet passwords, setting the stage for wallet theft.
Traditionally, phishing campaigns originate in emails.
In what appears to be a new trend, multiple scamming groups are now bidding for wallet-related keywords on Google Ads, using Google Search as an attack vector to target victims’ crypto wallets, the report noted.