A promoted link on Google had malware that stole NFTs and cryptocurrency worth thousands of dollars from an influencer’s wallet.
- A popular NFT influencer claims to have suffered a “life-changing amount” of financial loss as a result of unintentionally downloading harmful software.
- Attackers gained access to his Substack account and sent phishing emails to his 16,000 subscribers.
- Analysts were unable to access the user’s search results or confirm that the malicious website was still operational.
NFT Influencer’s Claims
After unintentionally installing malicious software obtained from a Google Ad search result, an NFT influencer claims to have lost “a life-changing amount” of their net worth in NFTs and cryptocurrency. On January 14, the Twitter user who goes by the pseudonym “NFT God” made a series of tweets outlining how his “entire digital existence” had been attacked, including a breach of his cryptocurrency wallet and numerous internet accounts.
NFT God, also known as “Alex,” claimed to have downloaded the open-source video streaming program OBS via Google’s search engine. But he chose to click on the sponsored advertisement for what he believed to be the same thing rather than the official website.
Alex didn’t discover that malware had been downloaded from the sponsored advertisement alongside the software he requested until hours later, following a sequence of phishing tweets broadcast by attackers on two Twitter accounts Alex manages.
When Alex got a message from a friend, he found that his cryptocurrency wallet had also been taken over. His 16,000 subscribers were targeted with phishing emails the next day after hackers accessed his Substack account.
Statistics
According to blockchain data, a Mutant Ape Yacht Club (MAYC) NFT, whose current floor price is 16 ETH ($25,000), and several other NFTs were taken from Alex’s wallet. At least 19 Ether, which at the time was worth close to $27,000, were also taken. The attacker moved most of the ETH through various wallets before transferring it to the decentralized exchange (DEX) FixedFloat, where it was traded for unidentified coins.
The “key mistake,” according to Alex, that allowed the wallet attack was setting up his hardware wallet as a hot wallet by entering its seed phrase “in a way that no longer kept it cold” or offline. This gave the hackers access to his crypto and NFTs. Unfortunately, NFT God is not the only person who has seen cryptocurrency-stealing spyware in Google Ads.
Cyble Report
Threat actors (TAs) are increasingly enticing consumers into installing malware such as stealers and Remote Access Trojans (RATs) to infect users’ systems and steal crucial data. Cyble Research & Intelligence Labs (CRIL) is actively tracking several stealer families to keep its readers informed.
A January 12 report from the cybersecurity company Cyble described the malware known as “Rhadamanthys Stealer,” which steals personal information and is spread using Google Ads that lead to “compelling phishing webpage[s].” The TA operating the stealer is currently offering it under the Malware as a Service (MaaS) business model.
Zhao’s Warning
In October, Changpeng “CZ” Zhao, CEO of Binance, issued a warning that Google search results were favoring cryptocurrency phishing and scam websites. This affects those who use these phishing websites to add smart contract addresses to MetaMask.
Users contacted Google for feedback, but no response was given. However, Google stated on its support site that it “actively works with reputable advertisers and partners to help prevent malware in ads.” It also describes how it uses “proprietary technologies and malware detection techniques” to routinely analyze Google Ads.
Possible Solution
Multiparty computation (MPC) cryptocurrency wallets have a few benefits over conventional wallets. MPC wallets are more dependable since they guarantee that users’ assets remain accessible even if one or more parties are unavailable or unresponsive. Because the secret keys are divided into several portions and given to various parties, privacy is also enhanced. The choice of an MPC crypto wallet will depend on the user’s particular demands and expectations.