The sponsored ad bundled with malware resulted in the loss of a “life-changing amount” of crypto and NFTs.
Fraudulent entities are increasingly targeting the Google Ads platform to spread malware to unsuspecting users searching for popular software products. A pseudonymous NFT user, “NFT God,” is the latest victim of one such fraud.
They claimed to have had their “entire digital livelihood” violated as a result.
Losing a Life-Changing Amount
It all started when the popular NFT influencer went to download OBS onto their personal desktop computer. They ended up clicking on a sponsored advertisement instead of the link to the official website.
It was only after attackers posted phishing tweets on both of their Twitter accounts that NFT God realized malware was at play.
In a series of tweets, the user said that both personal and professional accounts – Twitter, Substack, Gmail, Discord, and wallets – were hacked, which resulted in losing a “life-changing amount” of their net worth. The attackers even sent phishing emails to thousands of their Substack subscribers.
“My Substack means more to me than anything in my life that’s not a human being. It’s where I create my most deeply personal work. It’s where I built my community. It’s the personal achievement I’m most proud of in my life. It was now at risk of being destroyed. The hackers sent 2 emails to my 16,000 closest fans with hacked links. Trust I’ve worked over a year to build was gone. Losing a chunk of my net worth is nothing compared to losing the trust of my community.”
According to blockchain data, at least 19 ETH, along with several NFTs, including one Mutant Ape Yacht Club (MAYC), were stolen by the attackers from the victim's wallet. Most Ether funds were transferred to multiple wallets before moving to a decentralized exchange called FixedFloat and getting swapped for various digital assets.
NFT God believes their one critical mistake was entering the seed phrase “in a way that no longer kept it cold,” so that a mistake in one technology led to the downfall of another. They said that while not buying a cold wallet was a “deadly mistake,” that alone does not account for digital security. Being careful while doing anything on the Internet is equally important.
Google Ads Abuse
Google Ads essentially helps advertisers promote pages on Google Search. Any individual without an active ad blocker sees the promotion first. If Google detects that a site is malicious, it blocks the campaign, thereby removing the ads. This is why threat actors have resorted to a more sophisticated technique in a bid to circumvent Google’s policy enforcers and automated checks.
A recent report by Guardio Labs stated that the malicious sponsored advertisement link takes victims to a benign site before redirecting them to a trojanized version masquerading as a legitimate one.
The rogue site then takes the victim to the malicious payload. The threat actors reportedly lure users to download fraudulent versions of several prominent projects. Users do get the software they set out to download, but the malware installs silently alongside it.
Anti-virus programs running on victims’ machines fail to issue an alert because the payload is mostly downloaded from reputable file-sharing and code-hosting services such as GitHub and Dropbox.
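Because the payload sits on a reputable host, a defender's check has to look at the whole path a download took rather than at host reputation. The following is an added example, not code from the article or from Guardio Labs: it reviews a browser redirect chain and flags the pattern described above. The vendor domain, the GitHub account path and both sample chains are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumptions (constructed placeholders, not from the article):
OFFICIAL_SITE = "vendor.example"                  # vendor's own website
OFFICIAL_PAYLOAD = [("vendor.example", "/"),      # where genuine installers live
                    ("github.com", "/vendor-example/")]
SHARED_HOSTS = ["github.com", "dropbox.com"]      # services named in the article

def on_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def payload_is_official(url):
    """Match host AND account path; host reputation alone proves nothing."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    return any(on_domain(host, d) and path.startswith(p) for d, p in OFFICIAL_PAYLOAD)

def review_chain(chain, from_ad):
    """chain: URLs visited in order, landing page first, payload last."""
    findings = []
    landing = host_of(chain[0])
    if from_ad and not on_domain(landing, OFFICIAL_SITE):
        findings.append(f"ad click landed off the vendor domain: {landing}")
    if len({host_of(u) for u in chain[:-1]}) > 1:
        findings.append("cross-site redirect before the download")
    if not payload_is_official(chain[-1]):
        host = host_of(chain[-1])
        shared = any(on_domain(host, s) for s in SHARED_HOSTS)
        kind = "shared hosting" if shared else "unknown host"
        findings.append(f"payload from non-vendor location ({kind}): {host}")
    return findings

# Constructed sample chains: ad -> benign page -> look-alike -> shared host.
AD_CHAIN = ["https://reviews-blog.example/top-tools",
            "https://vendor-app.example/download",
            "https://github.com/some-other-account/files/releases/setup.zip"]
CLEAN_CHAIN = ["https://vendor.example/download",
               "https://github.com/vendor-example/app/releases/app-setup.exe"]

if __name__ == "__main__":
    for name, chain, ad in (("ad", AD_CHAIN, True), ("clean", CLEAN_CHAIN, False)):
        print(name, review_chain(chain, ad))
```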