Pudgy Penguins NFT users targeted by Google ad network phishing

Crypto Scam Alert


The Pudgy Penguins NFT project is being hit by widespread fraud: attackers are now using ad networks to carry out phishing attacks against its users.

According to ScamSniffer, the attack was discovered after a user complained about being redirected to a fake Pudgy Penguin website via a Singaporean news site. Subsequent research revealed that this issue was part of a malicious advertising campaign aimed at deceiving Web3 wallet users.

The most complex method of attack

The campaign's major innovation is its use of the Google Ad Network to distribute the phishing messages. The ads run malicious scripts hosted on the Adloox tracking domain ending in .com.


In its current form, the code embedded in the ads checks the user's browser for Web3 wallets. If a wallet is found, the user is redirected to the fake site, pudqypenguin[.]com, which was created only to capture wallet credentials.

Although the creators of this campaign seem to be focused on Pudgy Penguins NFT users at the moment, it has been suggested that the same approach could be used against any other Web3 project. That flexibility for attackers is why the attack remains a concern for the entire crypto world.

The attack also reveals that websites using Prebid.js, a header bidding library, may be vulnerable. When these websites use the Adloox analytics module, they run the risk of serving scripts to users through the ads, which is a clear sign of the presence of malware.


Steps to reduce risk

Following this incident, calls for users to exercise caution when interacting with Web3 interfaces quickly intensified. To avoid or minimize exposure to such threats, it is recommended to install ad blockers and to open cryptocurrency-related sites and use the associated wallets in a separate browser. Be very careful when connecting any wallet directly, and verify the URL first. ScamSniffer is another tool used to detect and prevent phishing incidents.
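The "verify the URL first" advice can be automated. The sketch below is an added example, not code from ScamSniffer or from the article's sources: it classifies a URL against a personal allowlist and flags near-miss spellings such as the pudqypenguin[.]com domain named above. The allowlist entry, the function names and the distance threshold are assumptions.

```javascript
// Assumed allowlist: the sites this user actually connects a wallet to.
const TRUSTED = ["pudgypenguins.com"];

// Classic Levenshtein edit distance, two-row version.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Reduce a URL or defanged host ("site[.]com") to its lowercase hostname.
function hostOf(input) {
  const s = input.trim().replace(/\[\.\]/g, ".");
  const url = new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(s) ? s : "https://" + s);
  return url.hostname.replace(/^www\./, "");
}

// Returns "trusted", "lookalike" or "unknown" for a URL about to be opened.
function checkUrl(input, maxDistance = 2) {
  const host = hostOf(input);
  // Exact allowlisted domain or one of its subdomains.
  if (TRUSTED.some((t) => host === t || host.endsWith("." + t))) return "trusted";
  const labels = host.split(".");
  // Simplification: treat the last two labels as the registrable domain
  // (a production check would consult the Public Suffix List).
  const name = labels[labels.length - 2] || labels[0];
  for (const good of TRUSTED) {
    const brand = good.split(".")[0];
    // Near-miss spelling of the registered name, e.g. q for g or a dropped letter.
    if (editDistance(name, brand) <= maxDistance) return "lookalike";
    // Trusted name reused as a subdomain or embedded in another registered name.
    if (labels.some((l) => l.includes(brand))) return "lookalike";
  }
  return "unknown";
}
```

A "lookalike" result should block the wallet connection outright; "unknown" only means the site is not on the allowlist, not that it is safe.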

After the campaign was exposed, security researcher ZachXBT was very proactive in informing Adloox about the problem. The latest Adloox CDN JavaScript files containing malicious code have been removed to prevent further harm to users.
