A new and clever phishing scam has been uncovered, targeting users of the Pudgy Penguins NFT project through Google ads. But what makes this attack particularly alarming is the method behind it—attackers are using trusted ad networks to deceive Web3 wallet users.
How safe are we really in an online world that seems increasingly vulnerable to such threats? Read on to discover how this scam works and why it could pose a serious risk to the crypto community.
According to ScamSniffer, the attack was uncovered after a user complained of being led to a fake Pudgy Penguins site through a Singapore news site. Subsequent research showed that this case is part of a malicious advertising campaign aimed at deceiving Web3 wallet users.
The most worrying part of this attack is the use of Google Ad Network to spread phishing scripts. The ads, hosted on the Adloox tracking domain (.com), contain harmful code that targets Web3 wallets.
The malicious code scans users’ browsers for Web3 wallets. If one is found, the user is redirected to a fake Pudgy Penguins site—pudqypenguin[.]com—that is designed to steal wallet credentials. While the attack currently targets Pudgy Penguins users, it could easily be used to target other Web3 projects, making it a significant threat to the broader crypto community.
The attack also reveals vulnerabilities in sites using Prebid.js, a popular header bidding library. If these sites use the Adloox analytics module, they risk running malicious scripts through their ads, which can lead to malware infections.
As a result of this attack, experts are urging users to be extra cautious when interacting with Web3 platforms. To reduce the risk, it’s recommended to use ad blockers, access cryptocurrency-related websites in a separate browser, and always double-check URLs before entering wallet details. ScamSniffer is also a useful tool for detecting and preventing phishing attempts.
Once the campaign was discovered, security researcher ZachXBT immediately alerted Adloox to the issue. As a result, the malicious JavaScript files in Adloox’s CDN were removed, preventing further damage to users.
The growing sophistication of these phishing campaigns shows how crucial it is for users to stay one step ahead in the battle against cybercrime. Stay safe out there!
Recent data from the Dune Analytics reveals that Garden Finance has experienced a remarkable growth…
With Bitcoin hovering around $103,500, well-known crypto trader James Wynn has made a bold prediction:…
The cryptocurrency market is in a frenzy, with Ethereum's technical charts indicating the possibility of…
New Presale Coin Gains Rapid Momentum Neo Pepe Coin is a bold new contender captivating…
Bitcoin is hovering near $103,700. There is growing uncertainty in its price action as global…
Ethereum is currently trading at $2442.32, down over 4% in the past day. In the…
