Google 和 X 中的恶意脚本从超过 6.3 万用户那里窃取了 5800 万美元的加密货币

The malicious Wallet Drainers script used phishing campaigns in Google search results and Twitter ads, stealing millions of dollars from users.

恶意 Wallet Drainers 脚本利用 Google 搜索结果和 Twitter 广告中的网络钓鱼活动，从用户那里窃取了数百万美元。

According to Scam Sniffer, the malicious script stole almost $59 million in digital assets from more than 63,000 victims over nine months. Over the past nine months, 10,072 websites have been linked to Wallet Drainers, with activity peaking in May, June and November.

据 Scam Sniffer 称，该恶意脚本在 9 个月内从 63,000 多名受害者那里窃取了近 5900 万美元的数字资产。在过去 9 个月中，已有 10,072 个网站与 Wallet Drainers 链接，其中活动高峰在 5 月、6 月和 11 月。

🚨1/ Alert: A 'Wallet Drainer' has been linked to phishing campaigns on Google search and X ads, draining approximately $58M from over 63K victims in 9 months. pic.twitter.com/ye3ob2uTtz
🚨1/警报：“钱包流失者”已与 Google 搜索和 X 广告上的网络钓鱼活动相关联，在 9 个月内从超过 6.3 万名受害者那里损失了约 5800 万美元。 pic.twitter.com/ye3ob2uTtz
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
— 诈骗嗅探器 | Web3 反诈骗 (@realScamSniffer) 2023 年 12 月 21 日

Most of the advertisements were related to cryptocurrency and NFT airdrops. Moreover, some of them were references to popular blockchain projects, such as Ordinals Dogecoin (DOGE). Malicious ads used regional targeting and page-switching tactics to bypass ad audits, complicating the review process. A test of X’s ad in the feed showed that nine were phishing ads, with over 60% using this wallet drainer.

大多数广告与加密货币和 NFT 空投有关。此外，其中一些参考了流行的区块链项目，例如 Ordinals Dogecoin (DOGE)。恶意广告使用区域定位和页面切换策略来绕过广告审核，使审核过程复杂化。对 Feed 中 X 的广告进行的测试显示，其中有 9 个是网络钓鱼广告，其中超过 60% 的广告使用了这个钱包排水工具。

“Phishing ads employ redirect tricks to seem legit, like disguising links as official domains that actually lead to phishing sites.”
“网络钓鱼广告采用重定向技巧来看似合法，例如将链接伪装成实际上指向网络钓鱼网站的官方域名。”
Scam Sniffer experts
诈骗嗅探专家

Earlier this month, Ledger, a popular manufacturer of crypto hardware wallets, warned its customers about the dangers of using dapps. The reason was a discovered attack on the supply chain.

本月早些时候，受欢迎的加密硬件钱包制造商 Ledger 警告其客户使用 dapp 的危险。原因是发现了对供应链的攻击。

Attackers injected malicious javascript code into the Ledger dapp Connect Kit library, which allows web3 applications to interact with Ledger wallets. This code automatically stole cryptocurrency and NFTs from accounts connected to the service.

攻击者将恶意 javascript 代码注入到 Ledger dapp Connect Kit 库中，该库允许 web3 应用程序与 Ledger 钱包进行交互。该代码会自动从连接到该服务的帐户中窃取加密货币和 NFT。

According to Chainalysis, the activity of attackers is beginning to increase – from May 2021 to December 2023, phishers stole $1 billion worth of cryptocurrency. At the initial stage, analysts identified at least 1,013 addresses involved in targeted phishing. Phishing refers to a scam in which the criminal sends emails or SMS messages asking you to click a link or log into your account.

据 Chainaanalysis 称，攻击者的活动开始增加——从 2021 年 5 月到 2023 年 12 月，网络钓鱼者窃取了价值 10 亿美元的加密货币。在最初阶段，分析师识别出至少 1,013 个涉及定向网络钓鱼的地址。网络钓鱼是指犯罪分子发送电子邮件或短信要求您点击链接或登录帐户的诈骗。

You might also like: X users at risk as crypto scammers exploit new design flaw

您可能还喜欢：由于加密诈骗者利用新的设计缺陷，X 用户面临风险