Cybercriminals are exploiting Google’s advertising platform to target users of the decentralized OTC trading platform Whales Market, according to a recent BleepingComputer report.
By creating a legitimate-looking Google Search advertisement, threat actors are redirecting unsuspecting visitors to a malicious phishing site designed to drain their wallets of all assets.
Hey, @WhalesMarket
Someone just bought a phishing domain trying to scam your users
They're using Google Adwords to promote it pic.twitter.com/DKum52apTW
— DegenDesk (@Degen_Desk) April 18, 2024
The sponsored ad appears at the top of Google search results when searching for “Whales Market.” It displays the correct domain, whales.market, and even shows the legitimate URL https://whales.market when hovering over the link. However, clicking on the ad redirects users through a series of sites, ultimately landing them on a phishing site with an extra “s” in the domain name: https://app.whaless[.]market/.
This phishing site is a near-perfect replica of the legitimate Whales Market website, including its trading platform. Once users connect their wallets, malicious scripts steal all their assets. BleepingComputer explained:
“This phishing site replicates the legitimate website, including its trading platform. Once you connect your wallet, though, malicious scripts will drain it of all assets.”
To avoid falling victim to such scams, it is crucial to double-check the domain displayed in the browser’s address bar before connecting your wallet to any Web3 website. If the site looks even slightly suspicious, do not connect your wallet.
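The address-bar check can also be automated for the URL a visitor finally lands on, which in this campaign differs from the URL the ad displays. The following Python code is an added example, not code from BleepingComputer or Whales Market; the names `TRUSTED`, `osa_distance` and `classify` and the distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the allowlist holds only the legitimate domain named in the article.
TRUSTED = ("whales.market",)


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_dist=2):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a landing URL."""
    url = url.replace("[.]", ".")  # accept defanged indicators
    if "//" not in url:
        url = "//" + url  # let urlsplit see a bare hostname as the netloc
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # Exact match or a true subdomain of an allowlisted domain.
    if any(host == g or host.endswith("." + g) for g in trusted):
        return "trusted"
    labels = host.split(".")
    for good in trusted:
        # Compare only as many trailing labels as the trusted domain has, so
        # app.whaless.market is judged on whaless.market.
        candidate = ".".join(labels[-(good.count(".") + 1):])
        if 0 < osa_distance(candidate, good) <= max_dist:
            return "lookalike:" + good
    return "unknown"


if __name__ == "__main__":
    # Constructed inputs: the two URLs quoted in the article plus a userinfo trick.
    for u in ("https://whales.market", "https://app.whaless[.]market/",
              "https://whales.market@example.com/"):
        print(u, "->", classify(u))
```

Only a `trusted` result should allow a wallet connection; `unknown` means the domain is not on the allowlist, not that it is safe.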
Threat actors have been abusing Google Ads for years to distribute malware and redirect users to phishing sites and tech support scams. They use sophisticated techniques to bypass ad platform security checks, such as redirecting visitors based on their IP address or browser user agent. When Google’s or Microsoft’s search bots visit the ad’s click URL, they are redirected to the legitimate website, while regular visitors are sent to malicious sites.
This method has proven effective for years, and Google has struggled to prevent these types of advertisements from slipping through the cracks. Other ad platforms, such as Microsoft and X, are also affected by similar techniques.
In one notorious example, back in January, hackers hijacked prominent verified accounts on X, formerly known as Twitter, to promote crypto scams and drop links to drainers.