Google’s online advertising platform, Google Ads, is promoting malicious crypto websites, exposing users to a phishing scam.
According to a report from BleepingComputer, threat actors have exploited Google Ads to advertise a fake version of Whales Market, an over-the-counter (OTC) crypto platform facilitating airdropped token trading.
The compromised version of the website appears as a sponsored ad at the top of Google search results, drawing unsuspecting users into the trap.
Users Redirected Fraudulent Domains
Despite its initial appearance with a seemingly legitimate domain address, users who interact with the ad are redirected to a fraudulent domain, [www. whaels. market], instead of the authentic [www.whales.market].
The report noted that the attackers have registered multiple domains targeting Whales Market, with at least one, [www.whaless.market], being inactive.
The imitated clone of the Whales Market website replicates the interface of the legitimate version, deceiving users into linking their digital wallets, which triggers malicious scripts that drain victims’ crypto holdings from their wallets.
This incident adds to the growing list of similar occurrences where scammers exploit Google’s platform to promote fraudulent services.
Google Takes Action Against Crypto Scammers
While the identities of the perpetrators behind this latest phishing campaign remain unknown, Google is taking action against scammers.
Earlier this month, the company filed a lawsuit against two individuals from China, Yunfeng Sun and Hongnam Cheung, for utilizing the Google Play store to deceive people into fake crypto investments.
Although the lawsuit did not disclose the specific names of the implicated applications, Google revealed that it had deactivated 87 fraudulent apps associated with Sun and Cheung over the past four years.
These apps collectively garnered nearly 100,000 downloads worldwide.
“This is a unique opportunity for us to use our resources to actually combat bad actors who were running an extensive crypto scheme to defraud some of our users,” Halimah DeLaine Prado, general counsel at Google, said.
“In 2023 alone we saw over a billion dollars within the U.S. of cryptocurrency fraud and scams and this [lawsuit] allows us to not only use our resources to protect users, but to also serve as sort of a precedent to future bad actors that we don’t tolerate this behavior.”
Google seeks a permanent injunction against the defendants and claims damages exceeding $75,000, which include expenses related to investigating the breach and ensuring platform safety and integrity.
Meanwhile, Google last month launched a feature allowing users to search balances of wallets on Bitcoin, Arbitrum, Avalanche, Optimism, Polygon, and Fantom blockchain.
Read the full article here