Home Google Ads exploited to target Whales Market users

Google Ads exploited to target Whales Market users

TL:DR

  • Cybercriminals are leveraging Google's advertising platform to target users of the decentralized OTC trading platform Whales Market.
  • They create legitimate-looking Google Search ads that redirect users to a malicious phishing site designed to steal their wallet assets.
  • The phishing site, with a URL similar to the legitimate one, replicates Whales Market's trading platform and steals users' assets once they connect their wallets.

Cybercriminals are exploiting Google’s advertising platform to target users of the decentralized OTC trading platform Whales Market, according to a recent BleepingComputer report.

By creating a legitimate-looking Google Search advertisement, threat actors are redirecting unsuspecting visitors to a malicious phishing site designed to drain their wallets of all assets.

The sponsored ad appears at the top of Google search results when searching for “Whales Market.” It displays the correct domain, whales.market, and even shows the legitimate URL https://whales.market when hovering over the link. However, clicking on the ad redirects users through a series of sites, ultimately landing them on a phishing site with an extra “s” in the domain name: https://app.whaless\[.\]market/.

This phishing site is a near-perfect replica of the legitimate Whales Market website, including its trading platform. Once users connect their wallets, malicious scripts steal all their assets. BleepingComputer explained:

This phishing site replicates the legitimate website, including its trading platform. Once you connect your wallet, though, malicious scripts will drain it of all assets.

To avoid falling victim to such scams, it is crucial to double-check the domain displayed in the browser’s address bar before connecting your wallet to any Web3 website. If the site looks even slightly suspicious, do not connect your wallet. Also consult our guide to identifying and avoiding top crypto scams.

Threat actors have been abusing Google Ads for years to distribute malware and redirect users to phishing sites and tech support scams. They use sophisticated techniques to bypass ad platform security checks, such as redirecting visitors based on their IP address or browser user agent. When Google’s or Microsoft’s search bots visit the ad’s click URL, they are redirected to the legitimate website, while regular visitors are sent to malicious sites.

This method has proven effective for years, and Google has struggled to prevent these types of advertisements from slipping through the cracks. Other ad platforms, such as Microsoft and X, are also affected by similar techniques.

One notorious example was when back in January hackers hijacked prominent verified accounts on X, formerly known as Twitter, to promote crypto scams and drop links to drainers.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Radek Zielinski
Tech Journalist

Radek Zielinski is an experienced technology and financial journalist with a passion for cybersecurity and futurology.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.