Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.
Crypto-thieves are buying Google Ads to target victims with fake wallets, which steal credentials and drain balances. So far, it looks like the cybercrooks have made off with more than $500,000 and counting.
The ads serve links to purportedly download popular cryptowallets Phantom and MetaMask, according to a new report from Check Point Research.
“Over the past weekend, Check Point Research encountered hundreds of incidents in which crypto-investors lost their money while trying to download and install well known cryptowallets or change their currencies on crypto-swap platforms like PancakeSwap or Uniswap,” Check Point analysts said.
Attackers started by putting Google Ads to work searching for potential victims, the report explained. Clicking the malicious ad takes the user to a site doctored to look like the Phantom (or sometimes MetaMask) wallet site, Check Point noted.
Phantom & MetaMask
There, the target is prompted to create a new account using a “Secret Recovery Phrase.” They’re also prompted to set a password for the purported account (which is harvested by the attackers). After that, users are given a keyboard shortcut for opening the wallet