Pudgy Penguins NFT Users Targeted by Google Ad Network Phishing
An elaborate scam has been detected, with attackers now leveraging an ad network to conduct phishing attacks affecting users of the Pudgy Penguins NFT project.
According to ScamSniffer, the attack was revealed after a user complained about being directed to the fake Pudgy Penguins website via a Singaporean news site. Subsequent research revealed that the case was part of a malvertising campaign designed to deceive Web3 wallet users.
A fairly complex attack mechanism
The novel aspect of this campaign is that the Google ad network was used to spread the phishing message. These ads run malicious scripts that are hosted on the Adloox tracking domain with a .com extension.
In its current form, the ad contains code that searches the user’s browser for Web3 wallets. If a wallet is discovered, the user is redirected to a fake Pudgy Penguins website – pudqypenguin(.)com – which was created solely to capture wallet credentials.
Although the campaign’s creators currently appear to be focusing on Pudgy Penguins NFT users, the same approach can be used against any other Web3 project. That flexibility is why this attack remains worrisome to the entire crypto world.
The attack also showed that the website used Prebid.js, a header bidding application programming interface library that can be vulnerable. When websites use the Adloox analysis module, they run the risk of transmitting scripts from ads to users, a clear sign of the presence of malware.
Mitigation measures
As a result of this incident, calls for users to exercise caution when interacting with Web3 interfaces have rapidly intensified. To avoid or reduce exposure to such threats, it is recommended to install an ad blocker and to open cryptocurrency-related websites and use the relevant wallets in a separate browser. Be extremely careful when accessing any wallet directly, and check the URL first. ScamSniffer is another tool that can be used to detect and prevent instances of phishing.
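The "check the URL first" step can be automated. The sketch below is an added example, not code from ScamSniffer or the original article: it classifies a URL against a personal allowlist and flags near-miss hostnames such as the pudqypenguin(.)com domain mentioned above. The allowlist entry `pudgypenguins.com`, the function names and the distance threshold of 2 are assumptions.

```javascript
// Added example; the allowlist entry is an ASSUMPTION: use domains you
// have verified out of band, not ones taken from an ad or search result.
const TRUSTED = ["pudgypenguins.com"];

// Optimal string alignment distance: counts insertions, deletions,
// substitutions and adjacent transpositions.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Verdicts: "trusted", "lookalike" (with the domain it imitates), "unknown", "invalid".
function classifyUrl(rawUrl, trusted = TRUSTED, maxDistance = 2) {
  let host;
  try {
    const u = new URL(rawUrl);
    if (u.protocol !== "https:") return { verdict: "invalid" }; // non-HTTPS is rejected outright
    host = u.hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return { verdict: "invalid" };
  }
  // Exact match, or a genuine subdomain of a trusted domain.
  if (trusted.some((t) => host === t || host.endsWith("." + t))) return { verdict: "trusted" };
  const tail = host.split(".").slice(-2).join("."); // last two labels, so "www." prefixes do not hide a typo
  for (const t of trusted) {
    // Near-miss spelling of a trusted domain (q for g, dropped letter, swapped letters).
    if (editDistance(tail, t) <= maxDistance) return { verdict: "lookalike", near: t };
    // Trusted name used as a left-hand label of some other domain.
    if (host.startsWith(t + ".") || host.includes("." + t + ".")) return { verdict: "lookalike", near: t };
  }
  return { verdict: "unknown" };
}

// Constructed samples; the second is the defanged domain quoted in the article.
for (const s of ["https://pudgypenguins.com/", "https://pudqypenguin(.)com/", "https://example.org/"]) {
  console.log(s, classifyUrl(s.replace("(.)", ".")).verdict);
}
```

An "unknown" verdict only means the host is neither on the allowlist nor close to it; it is not a statement that the site is safe.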
After the campaign came to light, security researcher ZachXBT was very active in notifying Adloox of the issue. As of the latest update, the Adloox CDN JavaScript files containing malicious code have been deleted to avoid causing more harm to users.