Thread: Stealing Your Bitcoins With The Help Of Google Ads
View Single Post
Old 02-17-2018, 03:51 PM  
deonbell
Confirmed User
 
deonbell's Avatar
 
Industry Role:
Join Date: Sep 2015
Posts: 1,045
Stealing Your Bitcoins With The Help Of Google Ads
Quote:
On February 24, 2017, Cisco observed a massive phishing campaign hosted in Ukraine targeting the popular Bitcoin wallet site blockchain.info with a client request magnitude of over 200,000 client queries. This campaign was unique in that adversaries leveraged Google Adwords to poison user search results in order to steal users' wallets. Since Cisco observed this technique, it has become increasingly common in the wild with attackers targeting many different crypto wallets and exchanges via malicious ads.

Cisco identified an attack pattern in which the threat actors behind the operation would establish a "gateway" phishing link that would appear in search results among Google Ads. When searching for crypto-related keywords such as "blockchain" or "bitcoin wallet," the spoofed links would appear at the top of search results. When clicked, the link would redirect to a "lander" page and serve phishing content in the native language of the geographic region of the victim's IP address.
Cisco's Talos Intelligence Group Blog: COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style
deonbell is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote