April 18, 2024 at 01:56PM
A Google Search ad for ‘Whales Market’ redirects users to a phishing site, replicating the legitimate platform to steal assets. This tactics abuses legitimate-looking URLs for impersonated platforms. Despite efforts from Google and Microsoft, these malicious ads are slipping through the cracks and being approved. BleepingComputer contacted Google about proactively preventing such ads but has not received a response.
Based on the meeting notes, the key takeaways are:
1. A legitimate-looking Google search advertisement for the cryptocurrency trading platform ‘Whales Market’ is redirecting visitors to a wallet-draining phishing site that steals all of their assets.
2. The phishing site replicates the legitimate website, including its trading platform, and utilizes redirects to trick ad platforms into displaying the fraudulent ad.
3. The threat actors behind these ads can create legitimate-looking ads by redirecting visitors to different sites based on their IP address or browser user agent to bypass ad platform verifications.
4. It has been noted that these types of malicious advertisements have been slipping through the cracks of ad platform verifications by Google, Microsoft, and other platforms.
If you need further details or have any specific questions regarding the meeting notes, please feel free to ask.