Vanessa
A sophisticated phishing scam targeting Web3 users has emerged, exploiting Google Ads to deceive cryptocurrency enthusiasts. The attack, initially focused on Pudgy Penguins NFT users, reveals vulnerabilities in trusted ad networks and poses a broader threat to the crypto realm.
The scam was uncovered by ScamSniffer after a user reported being redirected to a fake Pudgy Penguins website through a Singapore news site. Security researchers traced the issue to malicious advertisements hosted on the Adloox tracking domain, distributed via Google Ads. These ads embedded harmful scripts designed to target Web3 wallet users.
🚨 URGENT SECURITY ALERT 🚨
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 25, 2024
1/6 A user reported being redirected to a fake @pudgypenguins website through a Singapore news portal. Our investigation revealed this is part of a larger malicious advertising campaign. pic.twitter.com/Izv3f87WrX
Pudgy Penguins Users Targeted
The malicious code scans browsers for Web3 wallets and redirects users to fraudulent sites like “pudqypenguin[.]com” to steal wallet credentials. Although Pudgy Penguins users are the primary targets, researchers warn the technique could easily be adapted to attack other NFT and crypto projects.
Further investigation revealed the scam exploits vulnerabilities in websites using Prebid.js, a popular header bidding library. If these sites utilize the Adloox analytics module, they risk inadvertently running malicious scripts through their ads, potentially leading to malware infections.
In response to the discovery, security researcher ZachXBT promptly alerted Adloox, resulting in the removal of the malicious JavaScript files from its content delivery network (CDN).
To protect against such attacks, experts advise Web3 users to implement ad blockers, verify website URLs, and use separate browsers for cryptocurrency-related activities. Tools like ScamSniffer can help detect and prevent phishing attempts.
As the crypto world continues to grow, users must remain vigilant against evolving threats, not just in the United States but globally. Recently, French regulators started being more combative against rising crypto scams, which a study revealed cost victims €500 million annually in the country alone. Scammers reportedly use social media, impersonation, and AI to promote fake investments. French authorities have, so far, blacklisted 5,000 platforms and blocked 350 sites.
Read More
- French Crypto Scams Surge as Regulators Crack Down on Fraud Networks
- Hyperliquid Faces Threat as North Korean Hackers Target Platform
- Privacy Tech Patent Battle Heats Up: Kaal Dhairya Supports Rand Hindi as Zama-Sunscreen Legal War Intensifies
Vanessa has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
