Google Ads again appears to be promoting a faked version of a crypto website that directs users to a phishing website clone that drains users’ crypto.
Google seems to be once again promoting malware crypto websites through Google Ads, an online advertising platform that allows businesses to display ads on Google’s search engine results pages.
As per a report from BleepingComputer, this time threat actors have found a way to promote a faked version of Whales Market, an over-the-counter (OTC) crypto platform that allows users to trade airdropped tokens. According to the report, the compromised version is being promoted as a sponsored ad atop Google search results. Crypto.news can confirm that as of press time, Google is indeed promoting the fake version of Whales Market.
Despite its appearance on the search results page with a seemingly legitimate domain address, users are redirected to [www.whaels.market] instead of the authentic [www.whales.market] upon interaction. BleepingComputer further highlights that the bad actors have allegedly registered numerous domains targeting Whales Market, with at least one domain, [www.whaless.market], already inactive.
The faked clone mimics the interface of the legitimate version of the Whales Market website, tricking users into linking their digital wallets. However, upon doing so, malicious scripts are triggered, draining crypto from victims’ digital wallets.
The latest incident adds to a series of similar instances where scammers exploited Google’s platform to promote fraudulent services. For example, an unidentified hacker previously duped billionaire Mark Cuban into downloading a compromised version of MetaMask, resulting in the theft of nearly $900,000 worth of crypto.
While the perpetrators behind this latest phishing campaign remain unidentified, Google Google seems to be fighting back against scammers. In early April, the company sued two people from China, Yunfeng Sun and Hongnam Cheung, for using the Google Play store to trick people into fake crypto investments.
While the lawsuit didn’t specify the names of the implicated applications, Google disclosed that it had deactivated 87 fraudulent apps attributed to Sun and Cheung over the past four years, which had collectively garnered nearly 100,000 downloads worldwide.
This article first appeared at crypto.news