A new and clever phishing scam has been uncovered, targeting users of the Pudgy Penguins NFT project through Google ads. But what makes this attack particularly alarming is the method behind it—attackers are using trusted ad networks to deceive Web3 wallet users.
How safe are we really in an online world that seems increasingly vulnerable to such threats? Read on to discover how this scam works and why it could pose a serious risk to the crypto community.
According to ScamSniffer, the attack was uncovered after a user complained of being led to a fake Pudgy Penguins site through a Singapore news site. Subsequent research showed that this case is part of a malicious advertising campaign aimed at deceiving Web3 wallet users.
The most worrying part of this attack is the use of Google Ad Network to spread phishing scripts. The ads, hosted on the Adloox tracking domain (.com), contain harmful code that targets Web3 wallets.
The malicious code scans users’ browsers for Web3 wallets. If one is found, the user is redirected to a fake Pudgy Penguins site—pudqypenguin[.]com—that is designed to steal wallet credentials. While the attack currently targets Pudgy Penguins users, it could easily be used to target other Web3 projects, making it a significant threat to the broader crypto community.
The attack also reveals vulnerabilities in sites using Prebid.js, a popular header bidding library. If these sites use the Adloox analytics module, they risk running malicious scripts through their ads, which can lead to malware infections.
As a result of this attack, experts are urging users to be extra cautious when interacting with Web3 platforms. To reduce the risk, it’s recommended to use ad blockers, access cryptocurrency-related websites in a separate browser, and always double-check URLs before entering wallet details. ScamSniffer is also a useful tool for detecting and preventing phishing attempts.
Once the campaign was discovered, security researcher ZachXBT immediately alerted Adloox to the issue. As a result, the malicious JavaScript files in Adloox’s CDN were removed, preventing further damage to users.
The growing sophistication of these phishing campaigns shows how crucial it is for users to stay one step ahead in the battle against cybercrime. Stay safe out there!
PEPE hopped its way to a $3.8 billion market cap, but its reign as a…
Ripple’s (XRP) recent rally from $2.00 to $2.20 has sparked excitement among cryptocurrency enthusiasts. This…
The crypto circus has a new ringmaster: Influencer Pepe (INPEPE). This Pepe-the-Frog-inspired token is making…
The global cryptocurrency market took a major hit today, with the total market capitalization falling…
The cryptocurrency market took a nosedive Thursday, with Bitcoin and its digital cousins feeling the…
The US markets are facing one of the biggest crashes, with over 4% loss in…