
Hackers use Google Ads to steal $50 million of Bitcoin

February 15th, 2018 Waqas Cyber Crime, Hacking News, Phishing Scam 0 comments

Another day, another Bitcoin scam – this time it abuses the Google Ads service.

In December last year, HackRead.com exclusively exposed a scam in which hackers bought advertisement slots on the Google search engine using Google’s very own AdWords (Google Ads) service. The search results displayed a Google Chrome browser download advertisement ahead of the official Chrome download store. In that case, the link in the ad slot took users to a Google Sites page offering visitors the option to download the Chrome browser, but the setup file they downloaded turned out to be malware.

This means the unknown hackers used Google AdWords and Google Sites to spread malware through the Google search engine. Its detailed analysis is available here. Now, a similar scam has been busted by IT security researchers at the Talos cybersecurity team, in which a group of Ukrainian hackers stole $50 million worth of cryptocurrency from users and investors at Blockchain.info, a prominent Luxembourg-based Bitcoin cryptocurrency wallet and block explorer service provider.

The similarity between this scam and the previous one is that in both cases hackers bought advertisement slots using Google AdWords. If a user searched for terms like “blockchain” or “bitcoin wallet,” the search results would display a spoofed website carrying the exact same design as the original one. This tricked users into believing that they were on the official website, and they logged in with their credentials, allowing hackers to access their wallets and steal cryptocurrency.

As shown in the screenshot below, the official website of the company is Blockchain.info, while the hackers used a spoofed domain with the URL Block-clain.info. Notice that the fake domain does not contain the letter “h”, which clearly indicates that something is wrong, yet the group was able to trick customers and get away with a whopping $50 million in cryptocurrency.

Screenshot shared by Cisco researchers
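A defender-side check for the lookalike trick described above, as an added example that is not code from the article or from the Cisco researchers: it flags a domain that sits within a small edit distance of a protected brand, and goes slightly beyond the article's case by also decoding punycode and stripping accents so IDN variants are caught. The function names, the distance threshold and every sample domain other than the two named in the article are assumptions.

```python
import unicodedata
# The legitimate site named in the article; extend with your own brands.
PROTECTED = ["blockchain.info"]

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def to_unicode(domain):
    """Decode punycode (xn--) labels so IDN lookalikes are compared as displayed."""
    labels = []
    for label in domain.split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Strip accents and hyphens so cosmetic variants collapse to one form."""
    decomposed = unicodedata.normalize("NFKD", domain)
    return "".join(c for c in decomposed if not unicodedata.combining(c) and c != "-")

def classify(domain, protected=PROTECTED, max_distance=2):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unrelated'."""
    domain = to_unicode(domain.strip().lower().rstrip("."))
    for brand in protected:
        if domain == brand or domain.endswith("." + brand):
            return "legitimate", brand
    # Naive registrable domain: last two labels (assumption, not public-suffix aware).
    candidate = skeleton(".".join(domain.split(".")[-2:]))
    for brand in protected:
        if edit_distance(candidate, skeleton(brand)) <= max_distance:
            return "lookalike", brand
    return "unrelated", None

# Constructed samples; only the first two domains appear in the article.
SAMPLES = ["blockchain.info", "Block-clain.info", "blockchaín.info", "example.org"]

if __name__ == "__main__":
    print([(d, classify(d)) for d in SAMPLES])
```

A check like this fits in a mail or web proxy rule, or in a review of newly registered domains, where a "lookalike" verdict is a prompt for manual inspection rather than an automatic block.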

“The attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” wrote Jeremiah O’Connor of Cisco and security researcher Dave Maynor who worked on the report with Cisco.

It must be noted that the Coinhoarder group did not steal $50 million worth of cryptocurrency in one shot. In fact, Cisco has been investigating the phishing campaign for the last six months with the help of Ukrainian law enforcement authorities. From September 2017 to December 2017, the group stole $10 million worth of cryptocurrency, while in one of its attempts the Coinhoarder group was able to steal $2 million within a 3.5-week period. The researchers were able to track one of the wallets used by the hackers, which showed it had received $1,894,433.09.

Wallet used by Coinhoarder group.

One of the victims who fell for the scam has described his experience on Reddit. Unfortunately, there is nothing that can be done to track the hackers, since Bitcoin is pseudonymous and sending or receiving funds is like writing under a pseudonym. To avoid such scams, Facebook has already banned cryptocurrency and ICO-related advertisement campaigns.

“What is clear from the Coinhoarder campaign is that cryptocurrency phishing via Google Adwords is a lucrative attack on users worldwide. Phishers are significantly improving their attack techniques by moving to SSL and employing the use of IDNs to fool victims into handing over their credentials. We can expect to see more of these realistic looking phishes,” researchers concluded.

Remember, Coinhoarder is not the only group using sophisticated and persistent ways of targeting unsuspecting users. The Lazarus group is also trying its luck by posing as a job recruitment firm and sending users malware-infected Word documents which, besides stealing personal data, take wallet details and cryptocurrency with them.

If you are in the cryptocurrency business, stay safe online and do not fall for such scams. Moreover, it is advised not to store your funds in an online wallet. Here is a review of 5 safest hardware Bitcoin wallets.

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
