Security News > 2021 > November > Crypto investors lose $500,000 to Google Ads pushing fake wallets
Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal user's cryptocurrency.
These advertisements promote sites that install fake Phantom and MetaMask wallets used for Solana and Ethereum, and fake decentralized exchange platforms, such as PancakeSwap and Uniswap.
Any cryptocurrency transferred into that wallet is now also accessible by the threat actors, who can transfer it to other wallets under their control.
In a malicious advertising campaign that impersonates MetaMask, the actors aren't only trying to divert Ethereum transactions to their wallets and target any assets the victims may already hold.
The advertisements were also promoting fake decentralized exchanges, such as Uniswap that would prompt users to connect their wallet and enter their recovery phrase.
When searching for wallet apps on Google Search, make sure that you are clicking on website results and not on promoted ads.
News URL
Related news
- Google Play, Apple App Store apps caught stealing crypto wallets (source)
- Decentralization is happening everywhere, so why are crypto wallets “walled gardens”? (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (source)