Crypto Scam Alert: Pudgy Penguins NFT Users Targeted by Google Ad Network Phishing
An elaborate scam has been detected in which attackers use ad networks to carry out phishing attacks against users of the Pudgy Penguins NFT project.
According to ScamSniffer, the attack was uncovered after a user complained of being led to a fake Pudgy Penguins site through a Singapore news site. Subsequent research showed that this case is part of a malicious advertising campaign aimed at deceiving Web3 wallet users.
A Sophisticated Attack Mechanism
What makes the campaign novel is that the Google Ad Network is being used to spread the phishing content. The ads run malicious scripts hosted on the Adloox tracking domain with the .com extension.
In its current form, the code embedded in the ads checks the user's browser for Web3 wallets. If a wallet is found, the user is redirected to a fake Pudgy Penguins site, pudqypenguin[.]com, which exists only to capture wallet credentials.
Although the creators of this campaign currently appear to focus on Pudgy Penguins NFT users, there are indications that the same approach can be used against any other Web3 project. That flexibility is why the attack remains a concern for the wider crypto world.
The attack also reveals that sites using Prebid.js, a header bidding library, may be vulnerable. When these sites use the Adloox analytics module, they risk delivering the scripts carried in the ads to their users, a clear sign of malware.
Steps Toward Mitigation
This event has quickly intensified calls for users to be cautious when interacting with Web3 interfaces. To avoid or reduce exposure to such threats, users are advised to install ad blockers and to open cryptocurrency-related sites and use the associated wallets in a separate browser. Be extremely cautious when accessing any wallet directly, and check the URL first. ScamSniffer is another tool that can be used to detect and prevent phishing.
After the campaign was exposed, the security researcher ZachXBT was very active in notifying Adloox about the problem. The latest Adloox CDN JavaScript files containing the malicious code were removed, preventing more harm to users.
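The "check the URL first" advice can be automated. The following is an added example, not code from ScamSniffer or the original article, that flags hostnames that are close to, but not exactly, a domain you trust. The `TRUSTED` entry, `MAX_DISTANCE` and all function names are assumptions made for illustration.

```javascript
// Added example: classify a URL against domains you have verified yourself.
// TRUSTED is an assumption; the article does not state the official domain.
const TRUSTED = ["pudgypenguins.com"];
const MAX_DISTANCE = 2; // edits tolerated before a name stops looking "close"

// Accept plain or defanged input ("pudqypenguin[.]com", "hxxps://...").
function hostnameOf(input) {
  const s = String(input).trim().replace(/\[\.\]/g, ".").replace(/^hxxp/i, "http");
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(s) ? s : "https://" + s;
  try {
    return new URL(withScheme).hostname.toLowerCase();
  } catch {
    return null; // not parseable as a URL
  }
}

// Single-row Levenshtein edit distance.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, i) => i);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Only "trusted" means the hostname is exactly a trusted domain or a subdomain of it.
function classify(input) {
  const host = hostnameOf(input);
  if (!host) return { verdict: "invalid", host: null };
  for (const t of TRUSTED) {
    if (host === t || host.endsWith("." + t)) return { verdict: "trusted", host, near: t };
  }
  // Naive registrable domain: last two labels (no public suffix list here).
  const base = host.split(".").slice(-2).join(".");
  for (const t of TRUSTED) {
    const distance = levenshtein(base, t);
    const brandInHost = host.includes(t.split(".")[0]); // brand used as a subdomain
    if (distance <= MAX_DISTANCE || brandInHost) return { verdict: "lookalike", host, near: t, distance };
  }
  return { verdict: "unknown", host };
}

console.log(classify("pudqypenguin[.]com")); // domain quoted in the article
```

Treat anything other than `trusted` as a reason to stop before connecting a wallet; `unknown` only means the name is not close to an entry in the list.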