‘MS Drainer’ scammers used Google Ads to swipe $59M in crypto: Report - Qoneqt

    Vikshita Vitthal Gujaran in Crypto News

    22-Dec-2023 12:20 PM



    The attackers used a variety of techniques to get around Google AdSense audits, including regional targeting and page-switching.
    Scammers used a wallet draining service called “MS Drainer” to siphon approximately $59 million in crypto from victims over the past nine months, according to a Dec. 21 report on X (formerly Twitter) from blockchain security platform Scam Sniffer. The scammers used Google Ads to target victims with fake versions of popular crypto sites, including Zapper, Lido, Stargate, DefiLlama, Orbiter Finance and Radiant, the report states.

    Wallet drainers are blockchain protocols that allow scammers to transfer crypto from a victim to the attacker without the victim’s consent, usually by exploiting the token approval process. Developers usually charge a percentage of the profit in exchange for using their drainer software, and this fee is enforced through smart contracts, making it impossible to avoid.

    Scam Sniffer first became aware of MS Drainer in March. At the time, the SlowMist security platform team helped with the investigation. In June, on-chain sleuth ZachXBT provided further evidence, uncovering a phishing scam called “Ordinal Bubbles” that was linked to the drainer. The investigators uncovered nine different phishing ads on Google, 60% of which used the malicious program.

    Under normal circumstances, Google uses auditing systems to prevent phishing scam ads from being posted. However, Scam Sniffer found that the scammers used “regional targeting and page-switching tactics to bypass ad audits, complicating the review process” and allowing their ads to get through Google’s quality control systems.

    The scammers also used web redirects to fool Google’s users into thinking links led to official websites. For example, the scam site cbridge.ceiler.network, which contains a misspelling of the word “Celer,” was disguised as the correct URL: cbridge.celer.network. Despite the correct spelling being displayed on the ad, the link nevertheless redirected the user to the incorrectly spelled scam site.
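
The mismatch described above, between the host an ad displays and the host the click finally reaches, can be checked on the defender's side. This is an added example, not code from the report or from Scam Sniffer; it assumes the displayed host and the final URL after redirects have already been recorded, and the allowlist, function names and sample records are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: the official host named in the article.
OFFICIAL_HOSTS = {"cbridge.celer.network"}

def host_of(url):
    """Return the lowercase hostname of a URL, tolerating a missing scheme."""
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "//" + url.lstrip("/")
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def edit_distance(a, b):
    """Levenshtein distance, keeping only one previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_ad(display_url, landing_url, official=OFFICIAL_HOSTS, max_dist=2):
    """Compare the host shown in the ad with the host reached after redirects."""
    shown, landed = host_of(display_url), host_of(landing_url)
    if landed in official:
        return "ok" if shown == landed else "display-mismatch"
    # Landing host is not official: is it a near-miss spelling of one that is?
    if any(edit_distance(landed, h) <= max_dist for h in official):
        return "lookalike-landing"
    # Ad claims an official host but the click ends somewhere unrelated.
    return "display-mismatch" if shown in official else "unknown"

if __name__ == "__main__":
    # Constructed records: (host displayed in the ad, final URL after redirects).
    records = [
        ("cbridge.celer.network", "https://cbridge.celer.network/bridge"),
        ("cbridge.celer.network", "https://cbridge.ceiler.network/"),
        ("cbridge.celer.network", "https://example.org/landing"),
    ]
    for shown, landed in records:
        print(f"{check_ad(shown, landed):18} shown={shown} landed={host_of(landed)}")
```

Because the report says the ads switched pages by region, the landing URL is only meaningful for the vantage point it was recorded from; the same ad should be re-checked from each region it targets.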

    Source - CoinTelegraph

