Fraudulent campaigns used Google to rank fake websites and stole at least half a million dollars from cryptocurrency users.
Users of the MetaMask and Phantom digital wallets were the target of a massive new wave of attacks that stole at least $500,000 worth of cryptocurrencies.
A recent investigation by Check Point Research (CPR) warned about a massive search engine phishing campaign that caused losses of almost half a million dollars to cryptocurrency users.
According to CPR, in recent days hundreds of cryptocurrency users have had their funds stolen while trying to download and install popular wallets such as MetaMask or Phantom. Users of popular decentralized exchange (DEX) platforms such as PancakeSwap or Uniswap have also been victims of the attacks.
Fraudulent Website Ads on Google
According to the investigation, the fraudulent campaigns used search engine ads to reach digital wallet users. The ads led to fake URLs and websites that scammers used to extract wallet passwords and access the cryptocurrency funds stored in those wallets, CPR said.
In a phishing attack, the attacker poses as a trusted person, company, website, or application in order to steal funds.
In the campaign CPR warned about, hackers imitated the MetaMask and Phantom wallet platforms, as well as the PancakeSwap and Uniswap websites. For Phantom, for example, the attackers used phishing domains such as Phantom. app or phantom. app, as opposed to the legitimate domain phantom. app.
According to a series of reports, the imitations were very close to the originals, and many users, especially less experienced ones, did not notice the attack. Many users reported on Reddit that they had just installed the Phantom wallet and had somehow downloaded the scam.
Users Should be Afraid of Weird URLs
The report also explained how cyber scammers used a Google ad campaign to steal users’ private keys and access their MetaMask wallets. The private key, which acts as a master key to access funds from an address, allowed attackers to steal the funds.
To carry out these phishing attacks, the attackers applied the same strategy to MetaMask. They used domains with names very similar to the legitimate ones, such as “MètaMask” or “metamas. top”, and advertised the fraudulent websites on popular search engines like Google. That way, when users searched for the relevant keywords, the first links that came up were ads for the fraudulent websites.
The Check Point Research team highlighted that this type of phishing attack was more elaborate than usual, precisely because of the tactics used by hackers who took advantage of search engines like Google to position their scams.
To protect themselves from phishing attacks like this one, CPR suggested that cryptocurrency users refrain from clicking on ads and only use direct, well-known URLs.
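One way to apply the "well-known URLs only" advice to a link before opening it, as an added example that is not code from CPR or from this article: the host is checked against an allowlist, and names that fold to or nearly match a trusted name are flagged. The allowlist entry metamask.io, the distance threshold and the sample links are assumptions of this example.

```python
import unicodedata
from urllib.parse import urlsplit

# Allowlist assumed for this example: phantom.app is the legitimate domain the
# article names; metamask.io is added here as an assumption.
KNOWN_GOOD = {"phantom.app", "metamask.io"}

def fold(text):
    """Lowercase and strip diacritics, so 'MètaMask' folds to 'metamask'."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def hostname(url):
    """Host part of a URL or bare domain, with punycode (xn--) decoded."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode or not valid IDNA: compare it as given
    return host.rstrip(".")

def classify(url, max_distance=2):
    """Return 'known-good', 'lookalike' or 'unknown' for a link target."""
    host = hostname(url)
    if any(host == good or host.endswith("." + good) for good in KNOWN_GOOD):
        return "known-good"
    for label in host.split(".")[:-1] or [host]:  # every label except the TLD
        for good in KNOWN_GOOD:
            if edit_distance(fold(label), good.split(".")[0]) <= max_distance:
                return "lookalike"  # near a trusted name, not the trusted domain
    return "unknown"

# Constructed sample links, modelled on the names quoted in the article.
SAMPLES = ["https://phantom.app/download", "https://mètamask.io/", "metamas.top",
           "https://phantom.app.example.top/", "https://example.org/"]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10}  {link}")
```

Only "known-good" results match the advice above; "unknown" means the host is simply not on the allowlist, not that it is safe.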
By: Jenson Nuñez