Check Point Research (CPR) has issued a warning about scammers exploiting Google Ads to steal crypto wallets. CPR observed that popular brands like Phantom and MetaMask were being impersonated in Google Ads on the search engine to scam users into sharing their crypto wallet’s private key and passphrase.
According to CPR, approximately $500k worth of cryptocurrency was stolen in a matter of days.
.@_CPResearch_ discovered scammers were using #searchengine ads to direct users to fake #crypto wallets. Check Point Head Of Products Vulnerability Research, @Od3dV, spoke to The Verge about the details of the campaign. Learn more, here: https://t.co/w6xN6JqltC #CyberSec
— Check Point Software (@CheckPointSW) November 4, 2021
The Crypto Lure
Scammers usually resort to phishing campaigns, which conventionally use email to lure or trap victims. Here, the threat actors are leveraging the crypto market’s popularity and bidding on Google Ads keywords for crypto wallets.
Google Ads that ape popular wallets and crypto platforms such as Phantom App, MetaMask, and Pancake Swap contain malicious links and appear at the top of the Google search results. Any search query related to the crypto wallet leads the user to one of the malicious ads. Clicking any of these links directs the victim to a fake website that looks like the brand’s legitimate website. There, the scammers trick their victims into giving up their wallet passwords, setting the stage for wallet theft.
Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, said, “In a matter of days, we witnessed the theft of hundreds of thousands of dollars’ worth of crypto. We estimate that over $500k worth of crypto was stolen this past weekend alone. I believe we’re at the advent of a new cybercrime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets instead of traditionally phishing through email. In our observation, each advertisement had careful messaging and keyword selection to stand out in search results. The phishing websites the victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns geared to heist crypto wallets. Unfortunately, I expect this to become a fast-growing trend in cybercrime. I strongly urge the crypto community to double-check the URLs they click on and avoid clicking on Google Ads related to crypto wallets at this time.”
Check Point Recommends Crypto Security
- Examine the browser URL. Only the extension should create the passphrase; to tell whether you are dealing with an extension or a website, always look at the browser URL.
- Look for the extension icon. The extension will have an extension icon near it and a chrome-extension URL (for MetaMask, a URL beginning with chrome-extension://).
- Never give out your passphrase. Users should never give out their passphrases; no one should ever ask for one, as it is needed again only when installing a new wallet.
- Skip the ads. If you are looking for wallets or crypto trading and swapping platforms, always look at the first website in your search results and not at the ad, as ads may mislead you into getting scammed by the attackers.
- Take a look at the URL. Last but not least – always double-check the URLs!
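The URL checks in the list above can be automated. The following JavaScript is an added example, not code from Check Point or any wallet vendor. It classifies the address on which a passphrase prompt appears and accepts only an allowlisted extension origin. The function names are hypothetical, the official domains `metamask.io` and `phantom.app` are assumptions to verify against each vendor's own documentation, and the extension IDs and test hostnames are constructed placeholders.

```javascript
// Added example; names, official domains and extension IDs below are assumptions.
const BRANDS = {
  // Extension IDs are constructed placeholders, not the real store IDs.
  metamask: { site: "metamask.io", extensionId: "abcdefghijklmnopabcdefghijklmnop" },
  phantom: { site: "phantom.app", extensionId: "ponmlkjihgfedcbaponmlkjihgfedcba" },
};

// Levenshtein distance, used to catch near-miss spellings of a brand name.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Classify the URL on which a passphrase prompt appears.
// passphraseOk is true only for an allowlisted extension origin.
function classifyPrompt(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return { verdict: "invalid-url", passphraseOk: false };
  }
  const brands = Object.entries(BRANDS);
  if (url.protocol === "chrome-extension:") {
    const known = brands.some(([, b]) => b.extensionId === url.hostname);
    return { verdict: known ? "known-extension" : "unknown-extension", passphraseOk: known };
  }
  // Everything below is not an extension page: a passphrase prompt here is never legitimate.
  const host = url.hostname.toLowerCase();
  if (brands.some(([, b]) => host === b.site || host.endsWith("." + b.site))) {
    return { verdict: "official-site", passphraseOk: false };
  }
  const labels = host.split(/[.-]/);
  const imitates = brands.some(([name]) =>
    labels.some((l) => l.includes(name) || editDistance(l, name) <= 2));
  return { verdict: imitates ? "lookalike-site" : "other-site", passphraseOk: false };
}
```

Even the official website is reported with `passphraseOk: false`, matching the advice that only the extension should ever handle the passphrase.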
Choice of Scammers
Threat actors favor cryptocurrency as a medium of ransom and now also for exploits. Cryptocurrency scams have been escalating and have become more prevalent, with over $70 million in losses reported in the first half of this year and losses estimated to reach $140 million by the end of the year. More than half of the investment scams were related to cryptocurrency trading, primarily through Bitcoin, as cybercriminals capitalize on users’ interest in cryptocurrency. Cryptocurrency scams are the most reported investment scams causing significant losses. Of the 1,931 reports involving a loss, 955 (49.5%) involved cryptocurrency, with losses of $29,277,896. Bitcoin accounted for over $25 million of these losses.
A report from cybersecurity firm Barracuda registered a staggering 192% rise in cryptocurrency-related cyberattacks since the Bitcoin surge of October 2020.
Threat actors pretended to be from highly profitable crypto exchanges and trading platforms, tricking users into investing in their fake schemes. They also leveraged phony celebrity endorsements and gave small returns to investors to gain their trust. In addition to financial fraud, scammers also committed personal data and identity theft by exploiting investors’ data.
Given the surge in cryptocurrency criminal activity, certain governments have also issued bans on crypto activity to contain the malicious spread. Some countries are jointly working on stringent laws to make crypto operators more accountable. Either way, the crypto market remains a popular choice and will only grow moving ahead; what we need is more regulation and accountability to make it mainstream.