Phishing scam using false advertisements
Web3’s fraud prevention platform Scam Sniffer announced on the 21st that a type of malware called MS Drainer had stolen approximately 8.4 billion yen (nearly $58.98 million) from approximately 63,210 victims over the past nine months.
MS Drainer is a piece of malware called Wallet Drainer that is designed to create transactions that steal crypto assets (virtual currency) from wallets.
7/ Over 9 months, we’ve tracked 10,072 sites linked to this wallet drainer, with activity peaking in May, June, and November. pic.twitter.com/VK2vBN2WC7
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
Scam Sniffer has detected approximately 10,072 phishing websites using MS Drainer from March to December. It was especially active in May, June, and November.
It takes the form of a phishing scam disguised as an advertisement on the web, and even when Internet users think they have clicked on an advertisement for an official blockchain project, they are actually redirected to a fake site.
For example, scammers created fraudulent versions of popular platforms such as Zapper, Lido, DefiLlama, and Radient and used Google’s advertising system to direct victims to fake sites. These fraudulent advertising links have also been observed on the X platform.
6/ Phishing ads employ redirect tricks to seem legit, like disguising links as official domains that actually lead to phishing sites. pic.twitter.com/EBiaWc0sf8
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
It also uses redirect technology, which makes the URL in the ad appear to be from an official domain, but actually redirects you to a phishing site.
It also used geo-targeting and frequently switched landing pages to evade Google’s ad audit system.
Many phishing scams target virtual currency users. Most recently, in September, 3.6 billion yen worth of Ethereum (ETH) was stolen in a single phishing scam. This was one of the largest losses ever for a single virtual currency scam.
connection: Ethereum worth 3.6 billion yen was stolen by phishing scam, the largest single loss ever
What is a phishing scam?
A cyber crime that deceives users by redirecting them to fake sites and stealing authentication information and personal information.
Virtual currency glossary
400 million yen stolen on Christmas day
On Christmas Day, the 25th, Scam Sniffer used a technique that transferred people from Google ads to fraudulent sites, and in 24 hours, it collected approximately 430 million yen in wrapped Bitcoin (wBTC), Aave USDC (aUSDC), USDT, and others. ($3 million) worth of virtual currency was reported stolen.
He continued that it’s important for users to always be suspicious of advertisements and to carefully check if they receive a signature request to make sure it’s not a phishing scam. Advertising platforms also need to strengthen their verification processes.
What is “address poisoning”?
People are also calling attention to “address poisoning,” a new method of fraud.
This involves sending small amounts of money to the victim’s wallet from a fake address similar to the recipient address to which the victim previously sent money, leaving a transaction history. The target is for the victim to mistakenly identify the address as a real address, select a fake address from her transaction history, and send money.
connection: Metamask warns of new scam “address poisoning”
CoinPost Special feature for virtual currency beginners
We have introduced the “Heat Map” function to the CoinPost app for investors!
In addition to important news about virtual currencies, you can also see at a glance exchange information such as the dollar yen and price movements of crypto asset-related stocks in the stock market such as Coinbase.
■Click here to download the iOS and Android versions
https://t.co/9g8XugH5JJ pic.twitter.com/bpSk57VDrU
— CoinPost (virtual currency media) (@coin_post) December 21, 2023
The post Over 8 billion yen worth of virtual currency stolen in Google’s fake advertising phishing scam appeared first on Our Bitcoin News.