ScamSniffer has investigated numerous cases of users falling victim to phishing scams through Google's search ads in recent weeks. These users inadvertently clicked on malicious ads and were directed to fraudulent websites, resulting in substantial financial losses.
An investigation into the keywords used by victims has uncovered numerous malicious ads at the top of search results. Most users, unaware of the deceptive nature of search ads, click on the first available option, which leads them to fake and malicious websites.
Analysis of the keywords reveals that some of the malicious ads and websites target brands such as Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. The table below provides an overview of the malicious ads associated with each keyword:
Keyword | Malicious Ads |
---|---|
zapper | webapp-zapper.com, appfi-zapper.com |
lido | lido.is |
stargate | stargate-finances.online |
defillama | defeilllama.com, defllllama.com |
orbiter finance | orbitered.finance |
radiant | radiantcapital.info |
Opening the malicious ad that impersonates Zapper shows that the site attempts to obtain authorization over my $SUDO by using a Permit signature. If you have installed the Scam Sniffer plugin, you will receive real-time risk alerts.
Currently, many wallets do not have clear risk warnings for this type of signature, and ordinary users may think it is a normal login signature and sign it without thinking twice. For more history on Permits, you can check out this article.
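The following is an added example, not ScamSniffer's code or any wallet's actual implementation: it shows how a wallet or extension could tell an EIP-2612 Permit request apart from a login signature before prompting the user. The function name, the one-day deadline threshold and the sample request are assumptions.

```javascript
// Added example: inspect an eth_signTypedData_v4 payload before showing the prompt.
// Field names follow EIP-2612; threshold and sample values are assumptions.
const MAX_UINT256 = (1n << 256n) - 1n;
const LONG_DEADLINE_SECONDS = 24n * 60n * 60n; // assumption: more than 1 day is long-lived

function inspectSignRequest(typedData, nowSeconds) {
  const data = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  const fields = ((data.types || {})[data.primaryType] || []).map((f) => f.name);
  const required = ["owner", "spender", "value", "nonce", "deadline"];
  // The type name is part of the EIP-712 hash, so a valid permit must be called "Permit".
  const isPermit = data.primaryType === "Permit" && required.every((n) => fields.includes(n));
  if (!isPermit) return { kind: "other", warnings: [] };

  const msg = data.message || {};
  const token = (data.domain || {}).verifyingContract;
  const warnings = [
    `Token approval, not a login: ${msg.spender} could move ${token} tokens owned by ${msg.owner}.`,
  ];
  const unlimited = BigInt(msg.value) === MAX_UINT256;
  if (unlimited) warnings.push("Allowance is unlimited (2^256 - 1).");
  const remaining = BigInt(msg.deadline) - BigInt(Math.floor(nowSeconds));
  const longLived = remaining > LONG_DEADLINE_SECONDS;
  if (longLived) warnings.push("Deadline is over a day away; the signature stays usable until then.");
  return { kind: "permit", token, spender: msg.spender, unlimited, longLived, warnings };
}

// Constructed sample request with placeholder addresses (not taken from the page).
const samplePermit = {
  primaryType: "Permit",
  types: {
    Permit: [
      { name: "owner", type: "address" },
      { name: "spender", type: "address" },
      { name: "value", type: "uint256" },
      { name: "nonce", type: "uint256" },
      { name: "deadline", type: "uint256" },
    ],
  },
  domain: { name: "Example Token", version: "1", chainId: 1, verifyingContract: "0x" + "11".repeat(20) },
  message: {
    owner: "0x" + "aa".repeat(20),
    spender: "0x" + "bb".repeat(20),
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "1893456000",
  },
};

console.log(inspectSignRequest(samplePermit, 1700000000).warnings.join("\n"));
```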
Analysis of the malicious ad information identifies the following advertisers as responsible for placing these ads:
The malicious ads employ several techniques to bypass Google's ad review process, including: