The post Pudgy Penguins NFT Users Targeted by Google Ad Network Phishing appeared on BitcoinEthereumNews.com.

An elaborate scam has been detected, where attackers are now utilizing ad networks to perpetrate phishing attacks affecting the users of the Pudgy Penguins NFT project.  According to ScamSniffer, the attack was uncovered after a user complained of being led to a fake Pudgy Penguins site through a Singapore news site. Subsequent research showed that this case is part of a malicious advertising campaign aimed at deceiving Web3 wallet users. The Attack Mechanism That Is Quite Sophisticated The high novelty of the campaign is that the Google Ad Network is being used to spread phishing messages. These ads run unpleasant scripts stored in the Adloox tracking domain with the extension .com.  In its current form, the code incorporated in the ads searches the users’ browsers for Web3 wallets. If a wallet is found, the user gets transferred to a fake Pudgy Penguins site – pudqypenguin[.]com – which is created only to capture wallet credentials. Although at this moment, it looks like the creators of this campaign focus on Pudgy Penguins NFT users, it is indicated that the same approach can be used against any other Web3 project. This is why the attack remains worrisome to the general crypto world given the flexibility it promises to attackers. The attack also reveals that sites using Prebid.js, a header bidding application programming interface library, may be vulnerable. When these sites use the Adloox analytics module, they run the risk of transmitting scripts in the ads to the user, a clear sign of malware existence.  Also Read :   Ripple Joins SBI VC Trade to Secure DMM Bitcoin Users Post-Hack   , Steps Toward Mitigation As a result of this event, calls for users to be cautious in their interaction with Web3 interfaces have rapidly intensified. To avoid or reduce interaction with such threats,…

---

Filed under: News - @ December 26, 2024 8:17 am