Cryptocurrency, Hacker (Representative Image) Photograph:( Twitter )
The deceptive operation is supported by cloned websites that look just like the real ones, so the visitors are convinced they are installing the legitimate wallet or using the correct platform.
Threat actors are promoting phoney cryptocurrency wallets and DEX platforms on Google Search in order to steal users' cryptocurrency.
Scammers have utilised the new form of phishing effort that didn't use emails to steal about $500,000 in cryptocurrencies from wallets.
According to Check Point Research, the criminals bought Google Ads placements for their fake wallet websites, such as Phantom App and MetaMask.
Also read | Islamic organisation in Indonesia declares fatwa against cryptocurrency; says it is against Sharia law
The malicious websites have URLs that are similar to the genuine service's, such as "phantonn.app" (the real service's URL is "phantom.app"), and designs that are likewise similar to the real thing.
Watch | Will China to dominate cryptocurrency market?
If the victim visits the false page and types in their password, the fraudsters will grab it.
The attacker's secret recovery phrase will be disclosed to the victim if they utilise the fraudulent website to establish a new wallet.
If they log in with the recovery phrase, they'll be logging into the account of the bad actor, and any funds moved to it will go to the fraudster.
The bogus website for MetaMask, in example, offers the option of importing an existing wallet.
Because this necessitates the use of a seed phrase, the fraudsters will have access to it as well.
Researchers at CheckPoint saw a surge in relevant scamming reports over the past weekend, with numerous ads tricking victims into visiting various typosquatted domains.
CheckPoint determined that the criminals used the same account to establish several wallets, each relating to a different victim, and received significant sums every few hours.
(With inputs from agencies)