Advisements on Google and X, formerly Twitter, were found promoting sites containing a cryptocurrency drainer that had reportedly stolen $59 million from 63,210 victims over the past nine months.
Thousands of phishing sites were discovered that were using the drainer between March 2023 to today with spikes in activity noticed in May, June and November, a report from Bleeping Computer said.
The sites with drainers were being promoted in Google Search via malicious ads. Many of the ads were found to be exploiting a loophole in Google’s tracking template to make their URLs appear to belong to official domains.
On X, advertisements were found to be way more prevalent. These ads were found to be posted from legitimate “verified” accounts that carried the blue tick badge when the ad was shown.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
The ads on X were also promoting NFT airdrops and new token launches on sites that contain the drainer.
A drainer is a malicious smart contract, or a suite designed to drain funds from a user’s cryptocurrency wallet without their consent.
The drainer works by taking users to a legitimate looking website that tricks them into approving malicious contracts, allowing the drainer to perform unauthorised transactions from the victim’s crypto wallet address.
