Malicious ads enable crypto drainer theft of $59M
MS Drainer, a cryptocurrency wallet drainer distributed via malicious ads on Google and X (formerly Twitter), has exfiltrated $59 million from more than 60,000 victims since March, with malicious activity peaking in May, June, and November, according to BleepingComputer.
Threat actors have embedded MS Drainer within ads displayed when users search Google for various decentralized finance platforms, a ScamSniffer report showed. Many of these ads show URLs that appear to belong to an official domain of the spoofed site, which is made possible by leveraging the tracking template issue in Google Ads. Meanwhile, more than 60% of phishing ads on X were found to promote MS Drainer, and many of them came from verified accounts. Threat actors have used various themes in their ads, including a supposedly limited edition non-fungible token collection from Ordinals Bubbles. Similar ads have been observed by MalwareHunterTeam, who noted that various X accounts may have had their passwords and authentication cookies compromised following a malware infection.