A new and sophisticated phishing scheme has been identified that uses Google Ads to deceive Web3 users, particularly cryptocurrency enthusiasts. The scam initially targeted users of Pudgy Penguins NFTs. It highlights vulnerabilities in widely trusted advertising networks and the broader risks it poses to the cryptocurrency community.
The scam came to light when ScamSniffer, a security research platform, responded to a report from a user who had been redirected to a fraudulent Pudgy Penguins website via an ad in a Singapore news outlet. Security experts attributed the origin of the attack to malicious advertisements running on the Adloox tracking domain and distributed via Google Ads. These ads reportedly contained malicious scripts aimed at exploiting Web3 wallet users.
The embedded malicious code scans browsers for the presence of Web3 wallets and then redirects users to fraudulent websites such as “pudqypenguin[.]com.” These fake websites are designed to extract wallet credentials from unsuspecting users. While the scam initially focused on Pudgy Penguins NFT users, security researchers warn that the methods used in the attack could easily be adapted to compromise other NFT projects and cryptocurrency platforms.
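The fraudulent domain named above differs from the brand name by one swapped letter and a dropped "s". As an added example (not code from ScamSniffer or the original report), the JavaScript below flags ad destination hosts that sit within a small edit distance of a protected brand; the allowlist entry `pudgypenguins.com`, the function names and the threshold of 2 are assumptions.

```javascript
// Added example: flag ad landing-page hosts that imitate a protected brand.
// BRANDS is an assumed allowlist (brand label -> domains treated as legitimate).
const BRANDS = { pudgypenguins: ["pudgypenguins.com"] };

// Turn a defanged indicator such as "example[.]com" back into a parseable form.
function refang(s) {
  return s.replace(/\[\.\]/g, ".").replace(/^hxxp/i, "http");
}

// Extract the lowercase hostname from a URL or bare domain.
function hostOf(input) {
  const s = refang(input.trim());
  const url = new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(s) ? s : `https://${s}`);
  return url.hostname.toLowerCase().replace(/^www\./, "");
}

// Classic Levenshtein edit distance, two-row dynamic programming.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Compare the label left of the TLD with each brand label.
// Simplification: no Public Suffix List, so "co.uk"-style suffixes are not handled.
function classify(destination, brands = BRANDS, maxDistance = 2) {
  const host = hostOf(destination);
  const entries = Object.entries(brands);
  const owner = entries.find(([, ds]) => ds.some((d) => host === d || host.endsWith(`.${d}`)));
  if (owner) return { host, verdict: "legitimate", brand: owner[0], distance: 0 };
  const labels = host.split(".");
  const label = labels[Math.max(0, labels.length - 2)].replace(/-/g, "");
  for (const [brand] of entries) {
    const distance = editDistance(label, brand);
    if (distance <= maxDistance) return { host, verdict: "lookalike", brand, distance };
  }
  return { host, verdict: "unrelated", brand: null, distance: null };
}

// First input is the domain from the article; the second is a constructed sample.
for (const d of ["pudqypenguin[.]com", "https://news.example.org/a"]) console.log(classify(d));
```

A check like this fits where click-through or redirect destinations are already logged, for example in a publisher's ad-quality review or a DNS/proxy alerting rule.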
Exploitation of vulnerabilities in advertising systems
Further investigation revealed that the scam exploits a vulnerability in websites that use Prebid.js, a widely used header bidding library. Websites that integrate the Adloox analytics module run the risk of accidentally running malicious scripts on their advertising networks, potentially exposing visitors to malware infections.
On…