Google 和 X 中的惡意腳本從超過 6.3 萬用戶那裡竊取了 5800 萬美元的加密貨幣

The malicious Wallet Drainers script used phishing campaigns in Google search results and Twitter ads, stealing millions of dollars from users.

惡意 Wallet Drainers 腳本利用 Google 搜尋結果和 Twitter 廣告中的網路釣魚活動，從用戶那裡竊取了數百萬美元。

According to Scam Sniffer, the malicious script stole almost $59 million in digital assets from more than 63,000 victims over nine months. Over the past nine months, 10,072 websites have been linked to Wallet Drainers, with activity peaking in May, June and November.

據 Scam Sniffer 稱，該惡意腳本在 9 個月內從 63,000 多名受害者那裡竊取了近 5,900 萬美元的數位資產。在過去 9 個月中，已有 10,072 個網站與 Wallet Drainers 鏈接，其中活動高峰在 5 月、6 月和 11 月。

🚨1/ Alert: A 'Wallet Drainer' has been linked to phishing campaigns on Google search and X ads, draining approximately $58M from over 63K victims in 9 months. pic.twitter.com/ye3ob2uTtz
🚨1/警報：「錢包流失者」已與 Google 搜尋和 X 廣告上的網路釣魚活動相關聯，在 9 個月內從超過 6.3 萬名受害者那裡損失了約 5800 萬美元。 pic.twitter.com/ye3ob2uTtz
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
— 詐騙嗅探器 | Web3 反詐騙 (@realScamSniffer) 2023 年 12 月 21 日

Most of the advertisements were related to cryptocurrency and NFT airdrops. Moreover, some of them were references to popular blockchain projects, such as Ordinals Dogecoin (DOGE). Malicious ads used regional targeting and page-switching tactics to bypass ad audits, complicating the review process. A test of X’s ad in the feed showed that nine were phishing ads, with over 60% using this wallet drainer.

大多數廣告與加密貨幣和 NFT 空投有關。此外，其中一些參考了流行的區塊鏈項目，例如 Ordinals Dogecoin (DOGE)。惡意廣告使用區域定位和頁面切換策略來繞過廣告審核，使審核過程變得複雜。對 Feed 中 X 的廣告進行的測試顯示，其中有 9 個是網路釣魚廣告，其中超過 60% 的廣告使用了這個錢包排水工具。

“Phishing ads employ redirect tricks to seem legit, like disguising links as official domains that actually lead to phishing sites.”
「網路釣魚廣告採用重定向技巧來看似合法，例如將連結偽裝成實際上指向網路釣魚網站的官方網域。”
Scam Sniffer experts
詐騙嗅探專家

Earlier this month, Ledger, a popular manufacturer of crypto hardware wallets, warned its customers about the dangers of using dapps. The reason was a discovered attack on the supply chain.

本月早些時候，受歡迎的加密硬體錢包製造商 Ledger 警告其客戶使用 dapp 的危險。原因是發現了對供應鏈的攻擊。

Attackers injected malicious javascript code into the Ledger dapp Connect Kit library, which allows web3 applications to interact with Ledger wallets. This code automatically stole cryptocurrency and NFTs from accounts connected to the service.

攻擊者將惡意 javascript 程式碼注入到 Ledger dapp Connect Kit 庫中，該程式庫允許 web3 應用程式與 Ledger 錢包進行互動。該代碼會自動從連接到該服務的帳戶中竊取加密貨幣和 NFT。

According to Chainalysis, the activity of attackers is beginning to increase – from May 2021 to December 2023, phishers stole $1 billion worth of cryptocurrency. At the initial stage, analysts identified at least 1,013 addresses involved in targeted phishing. Phishing refers to a scam in which the criminal sends emails or SMS messages asking you to click a link or log into your account.

據 Chainaanalysis 稱，攻擊者的活動開始增加——從 2021 年 5 月到 2023 年 12 月，網路釣魚者竊取了價值 10 億美元的加密貨幣。在最初階段，分析師識別出至少 1,013 個涉及定向網路釣魚的位址。網路釣魚是指犯罪分子發送電子郵件或簡訊要求您點擊連結或登入帳戶的詐騙。

You might also like: X users at risk as crypto scammers exploit new design flaw

您可能也喜歡：由於加密詐騙者利用新的設計缺陷，X 用戶面臨風險