Security experts have recently uncovered a new wave of attacks using “crypto drainer” malware, which has already siphoned off $59 million from unsuspecting victims. The attacks lure people to phishing websites through deceptive ads on Google and X (formerly Twitter).
Crypto drainer malware operates by tricking users into approving transactions that ultimately drain their cryptocurrency wallets. One specific variant, MS Drainer, has been identified as the culprit behind these recent attacks.
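The “approving transactions” step is where the theft actually happens: the victim signs an approval that lets a third-party address move tokens later, and the drainer cashes out afterwards. The following added example (not code from the article or from Scam Sniffer) shows the check a wallet or browser extension can make before a user signs. It decodes raw EVM calldata, recognises the standard ERC-20 `approve(address,uint256)` and ERC-721/ERC-1155 `setApprovalForAll(address,bool)` selectors, and flags an unlimited allowance or blanket operator approval to an address outside a trusted list. The spender addresses and the trusted list are constructed for the example.

```python
"""Flag wallet-draining token approvals in raw EVM transaction calldata.

Added example for the "approving transactions" mechanism the article
describes; not code from the article or from Scam Sniffer. The selectors
are the standard ERC-20 approve(address,uint256) and ERC-721/ERC-1155
setApprovalForAll(address,bool) selectors. Spender/operator addresses and
the trusted list are constructed sample values, not real contracts.
"""

APPROVE_SELECTOR = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL_SELECTOR = "a22cb465"  # setApprovalForAll(address,bool)
UINT256_MAX = 2**256 - 1

# Constructed sample values (not real contracts).
SAMPLE_SPENDER = "0x1111111111111111111111111111111111111111"
TRUSTED_SPENDERS = frozenset({"0x2222222222222222222222222222222222222222"})


def _split_calldata(calldata_hex):
    """Return (selector, [32-byte words as hex]); raise on malformed input."""
    h = calldata_hex.lower()
    if h.startswith("0x"):
        h = h[2:]
    if len(h) < 8 or (len(h) - 8) % 64 != 0:
        raise ValueError("calldata must be a 4-byte selector plus whole 32-byte words")
    body = h[8:]
    return h[:8], [body[i:i + 64] for i in range(0, len(body), 64)]


def _word_to_address(word):
    """ABI right-aligns an address in a 32-byte word; the upper 12 bytes must be zero."""
    if word[:24] != "0" * 24:
        raise ValueError("address word has non-zero padding")
    return "0x" + word[24:]


def analyze_approval(calldata_hex, trusted=TRUSTED_SPENDERS):
    """Classify calldata and flag approvals that would let a third party empty the wallet.

    Heuristic: an unlimited ERC-20 allowance, or setApprovalForAll(true), granted
    to a spender not on the trusted list is the pattern drainers rely on.
    """
    selector, words = _split_calldata(calldata_hex)
    if selector == APPROVE_SELECTOR and len(words) == 2:
        spender = _word_to_address(words[0])
        amount = int(words[1], 16)
        risky = amount == UINT256_MAX and spender not in trusted
        return {"kind": "approve", "spender": spender, "amount": amount, "risky": risky,
                "reason": "unlimited allowance to untrusted spender" if risky else None}
    if selector == SET_APPROVAL_FOR_ALL_SELECTOR and len(words) == 2:
        operator = _word_to_address(words[0])
        approved = int(words[1], 16) == 1
        risky = approved and operator not in trusted
        return {"kind": "setApprovalForAll", "spender": operator, "approved": approved,
                "risky": risky,
                "reason": "blanket operator approval to untrusted address" if risky else None}
    return {"kind": "other", "selector": "0x" + selector, "risky": False, "reason": None}


def encode_approve(spender, amount):
    """Build approve(address,uint256) calldata; used here only to construct sample input."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


def encode_set_approval_for_all(operator, approved):
    """Build setApprovalForAll(address,bool) calldata; used here only to construct sample input."""
    return ("0x" + SET_APPROVAL_FOR_ALL_SELECTOR + operator[2:].lower().rjust(64, "0")
            + format(int(approved), "064x"))


if __name__ == "__main__":
    for data in (encode_approve(SAMPLE_SPENDER, UINT256_MAX),
                 encode_approve(SAMPLE_SPENDER, 10**18),
                 encode_set_approval_for_all(SAMPLE_SPENDER, True)):
        print(analyze_approval(data))
```

A bounded allowance to an unknown spender is reported but not flagged, because that is what a legitimate swap or deposit looks like; the signal the check keys on is the unlimited or blanket grant, which is what makes a wallet drainable long after the phishing page is gone.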
Victims are enticed to phishing pages through ads on Google and X that are linked to popular DeFi keywords like Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. These malicious ads, which were first detected in March, employ various tactics to evade ad audits, including targeting specific regions and employing “redirect deception” to redirect users to phishing sites.
According to Scam Sniffer, approximately 10,000 phishing sites have been observed since March utilizing drainer malware, with 60% of phishing ads on X leading users to malware designed to steal their virtual currency. MS Drainer alone has pilfered $59 million from 63,210 victims over the past nine months.
Interestingly, the MS Drainer malware is sold on a dark web forum. Unlike similar drainers, which are offered as a fully managed service in exchange for a 20% fee, MS Drainer’s administrators sell the source code outright to any interested buyer.
In light of these findings, internet users are urged to exercise caution when interacting with online advertising. Scam Sniffer, the security vendor that reported the campaign, stressed that the ad industry needs stronger verification processes to stop malicious actors from exploiting its services.
“As seen in these attacks, advertising has become a critical tool for phishing scammers to target victims. By leveraging specific audiences through Google search terms and the X platform, scammers can pinpoint their targets and launch sustained phishing campaigns at minimal cost,” the security vendor warned.
“With the combination of domain spoofing and evading ad reviews, users are continuously exposed to phishing threats. Ad platforms must strengthen their verification protocols to thwart malicious actors from abusing their services.”