Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal users' cryptocurrency.
These advertisements promote sites that install fake Phantom and MetaMask wallets used for Solana and Ethereum, and fake decentralized exchange (DEX) platforms, such as PancakeSwap and Uniswap.
The deceptive operation is supported by cloned websites that look just like the real ones, so the visitors are convinced they are installing the legitimate wallet or using the correct platform.
Researchers at Check Point saw a surge in relevant scam reports over the past weekend, with numerous ads tricking victims into visiting various typosquatted domains.
The ads promote websites with slight, hard-to-notice differences compared to the official domains, like “” or “,” compared to the legitimate domain of “”.
When visiting one of these fake Phantom sites, users will be prompted to create a new wallet, including writing down a recovery phrase used to restore the wallet and a password to access it.
Anyone who has this information can add a wallet to their own system and access any cryptocurrency stored within it.
Once the victim finishes the setup process, they are redirected to the real Phantom wallet page, where they install the official Chrome plugin.
Using the recovery phrase created by the attackers, the victims log in to the attacker’s wallet through the extension, thinking it’s theirs. Any cryptocurrency transferred into that wallet is now also accessible by the threat actors, who can transfer it to other wallets under their control.
Check Point discovered that the actors created several wallets under the same account, corresponding to multiple victims, and received notable amounts every couple of hours.
In a malicious advertising campaign that impersonates MetaMask, the actors aren’t only trying to divert Ethereum transactions to their wallets but also target any assets the victims may already hold.
For this purpose, the cloned websites offer an additional “Import wallet” function, which attempts to steal the victim’s private key, which is all that’s needed for the actors to take control of the wallet.
Similarly, the advertisements were also promoting fake decentralized exchanges, such as Uniswap, that would prompt users to connect their wallet and enter their recovery phrase.
Like the MetaMask scam, once a user enters their recovery phrase, the threat actors would import the wallet into their own systems and access its stored cryptocurrency.
While these advertisements have since been taken down by Google, there is nothing to say that new ones will not be added in the future.
For this reason, to keep your investments safe from these scams, you should follow these basic guidelines:
Unfortunately, if you fall for one of these scams, there is no way to recover cryptocurrency stolen in this manner. Therefore, you must pay close attention to the above guidelines to safeguard your funds and prevent them from being stolen.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved