A sophisticated phishing scheme leveraging Google Ads has been identified, targeting Web3 users, particularly cryptocurrency enthusiasts. The scam, initially aimed at users of Pudgy Penguins NFTs, highlights vulnerabilities in trusted ad networks and the broader risks to the cryptocurrency community.
The scheme was uncovered when ScamSniffer, a security research platform, responded to a user report about being redirected to a fraudulent Pudgy Penguins website via an advertisement on a Singaporean news outlet. Security experts traced the scam to malicious ads distributed through Google Ads, originating from the Adloox tracking domain. These advertisements reportedly carried harmful scripts designed to exploit Web3 wallet users.
🚨 URGENT SECURITY ALERT 🚨
1/6 A user reported being redirected to a fake @pudgypenguins website through a Singapore news portal. Our investigation revealed this is part of a larger malicious advertising campaign.
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 25, 2024
The malicious code embedded in the ads scans browsers for Web3 wallets and redirects users to fraudulent sites like 'pudqypenguin[.]com.' These sites are designed to steal wallet credentials. While Pudgy Penguins users were the initial targets, researchers warn that similar methods could be adapted to compromise other NFT projects and cryptocurrency platforms.
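The fraudulent domain reported above is a near-miss spelling of the brand name, which is the kind of match a link filter or wallet extension can test for before loading a page. The following is an added example, not code from ScamSniffer or from the original report: a lookalike-hostname check based on edit distance, where the allowlist entry pudgypenguins.com, the function names and the distance threshold are assumptions made for illustration.

```javascript
// Added example: flag hostnames that closely resemble, but do not match,
// a protected brand domain. PROTECTED is an assumed allowlist for illustration.
const PROTECTED = ["pudgypenguins.com"];

// Undo common defanging ("[.]", "hxxp") and reduce the input to a lowercase hostname.
function normalizeHost(input) {
  const refanged = input.trim().toLowerCase()
    .replace(/\[\.\]/g, ".")
    .replace(/^hxxp/, "http");
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//.test(refanged)
    ? refanged
    : "http://" + refanged;
  return new URL(withScheme).hostname.replace(/^www\./, "");
}

// Levenshtein edit distance (insert, delete, substitute), two-row version.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns { verdict: "trusted" | "lookalike" | "unrelated", closest, distance }.
function classifyHost(input, maxDistance = 2) {
  const host = normalizeHost(input);
  let best = { closest: null, distance: Infinity };
  for (const legit of PROTECTED) {
    // Exact match or a true subdomain of the protected domain is trusted.
    if (host === legit || host.endsWith("." + legit)) {
      return { verdict: "trusted", closest: legit, distance: 0 };
    }
    const d = editDistance(host, legit);
    if (d < best.distance) best = { closest: legit, distance: d };
  }
  // Close to a protected name without being that name: treat as a lookalike.
  const verdict = best.distance <= maxDistance ? "lookalike" : "unrelated";
  return { verdict, ...best };
}
```

The check compares whole hostnames, so a name that only embeds the brand as a leading label of an unrelated domain needs a separate rule.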
Ad system vulnerabilities exploited
Investigations revealed that the attack exploits vulnerabilities in websites using Prebid.js, a widely used header bidding library. Sites incorporating the Adloox analytics module risk inadvertently hosting malicious scripts, exposing visitors to malware.
Security researcher ZachXBT notified Adloox, prompting the removal of malicious JavaScript files from its content delivery network. This action reduced the immediate threat, though concerns about broader risks to Web3 users persist.
The emergence of such scams underscores the increasing challenges faced by the cryptocurrency community. While this attack has primarily affected specific regions, the implications are global. In France, for example, cryptocurrency-related scams have led to an estimated €500 million in annual losses.
French authorities have responded by intensifying efforts to combat these frauds, blacklisting around 5,000 platforms and blocking 350 websites. Scammers employ social media campaigns, impersonation tactics, and AI-driven methods to lure victims into fake investment schemes.
This phishing scheme targeting Web3 users serves as a stark reminder of the evolving threats in the cryptocurrency space. As the industry grows, both platforms and users must remain vigilant and adopt proactive measures to mitigate risks.