Security researchers have discovered a new series of “crypto drainer” malware attacks that have so far stolen $59 million from victims after luring them to phishing pages via Google and X (formerly Twitter) ads.
A cryptocurrency drainer is a type of malware that tricks the user into approving a transaction, which then automatically empties their cryptocurrency wallet. Scam Sniffer revealed that a particular version, MS Drainer, was behind the new wave of attacks.
Victims are lured to phishing pages featuring the malware by clicking on Google and
These malicious ads were first detected in March and use several techniques to bypass ad audits, such as targeting only specific regions and using “redirect deception” to direct users to phishing sites.
Scam Sniffer said it had observed around 10,000 phishing sites since March using drainers and claimed that 60% of phishing ads on X directed users to malware designed to steal their virtual currency.
MS Drainer, in particular, stole $59 million from 63,210 victims over the past nine months, according to the release.
Scam Sniffer found the drainer for sale on a dark web forum. Unlike other similar fully managed malware, where developers charge a 20% fee, MS Drainer administrators sell the source code directly to everyone.
The security provider urged internet users to remain cautious when interacting with online advertising and called on the advertising industry to up its game.
“As we can see, advertising has become an important way for phishing scammers to reach their victims. By targeting specific audiences through Google search terms and the X follower base, they can select specific targets and launch ongoing phishing campaigns at a very low cost,” it concluded.
“Combined with the use of domain spoofing and ad notice circumvention, users face continued phishing threats. Advertising platforms need to improve their verification processes to prevent bad actors from exploiting their services.”