According to Scam Sniffer: Over $58 million has been stolen from approximately 63,210 victims via a 'Wallet Drainer' linked to Google search and 'X' ads. First detected in March by cybersecurity team SlowMist, the malicious operation employs sophisticated tactics including regional targeting, domain spoofing, and evasion of ad review processes.
The operation's reach intensified towards the end of April with detectable signs in Google search ad phishing. Noted cryptocurrency analyst Zachxbt later identified a cluster of related 'X' phishing ads, referred to as "Ordinals Bubbles", in late June that were all tied in with the same wallet drainer.
A study revealed that of X’s ad feeds tested, nine were phishing ads, with more than half utilizing this wallet drainer. These ads employ different strategies, including pretending to be legitimate domains and using redirect tricks to bypass security measures and leading unsuspecting users to phishing sites.
The fraudulent operation hit its peak activity in May, June, and November, with over 10,072 different sites implicated. The figures are astounding: the ill-gotten gains from this operation reach an estimated $58.98 million, all pilfered from its vast pool of victims.
Unlike most services that rake in a 20% profit from successful scams, the source code and additional features for this wallet drainer are sold openly on an online forum. Extra features, such as hazardous Blur signatures, come with additional charges.
The campaign points to a worrying trend: Advertising platforms have become lucrative vessels for scammers to perpetrate their deeds cost-effectively, exploiting Google's search algorithms and X's broad user base. With the continuous evolution of criminal tactics such as domain spoofing and dodging ad reviews, the persistence of this threat cannot be understated.