In December last year, HackRead.com exclusively exposed a scam in which hackers bought advertisement slots on the Google search engine using Google’s very own AdWords (Google Ads) service. The search results displayed a Google Chrome browser download advertisement even before the official Chrome download store, but the link in the ad slot took users to a Google Sites page offering visitors the option to download the Chrome browser. When the setup file was downloaded, it turned out to be malware.
This means the unknown hackers used Google AdWords and Google Sites to spread malware through the Google search engine. Its detailed analysis is available here. Now, a similar scam has been busted by IT security researchers at the Talos cybersecurity team, in which a group of Ukrainian hackers stole $50 million worth of cryptocurrency from users and investors at Blockchain.info, a prominent Luxembourg-based Bitcoin cryptocurrency wallet and block explorer service provider.
The similarity between this scam and the previous one is that in both cases hackers bought advertisement slots using Google AdWords, meaning that if a user searched for terms like “blockchain” or “bitcoin wallet,” the search results would display a spoofed website carrying the exact same design as the original one. Users were tricked into believing that they were on the official website and logged in with their credentials, allowing the hackers to access their wallets and steal cryptocurrency.
As shown in the screenshot below, the official website of the company is Blockchain.info, while the hackers used a spoofed domain with the URL Block-clain.info. Notice that the fake domain does not contain the letter “h,” which clearly indicates that something is wrong, yet the group was able to trick customers and got away with a whopping $50 million in cryptocurrency.
“The attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” wrote Jeremiah O’Connor of Cisco and security researcher Dave Maynor, who worked on the report with Cisco.
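The lookalike domain described above can be caught mechanically before a user reaches the login form. The following is an added example, not code from the article or the Talos report: it checks ad landing URLs against a list of protected brand domains, comparing names with hyphens stripped. The `PROTECTED` list, the `max_dist` threshold, and the naive two-label domain extraction are assumptions.

```python
from urllib.parse import urlparse

# Assumption: the brand domains a defender wants to protect.
PROTECTED = ["blockchain.info"]

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(url_or_host):
    """Last two labels of the host. Naive: ignores suffixes such as co.uk."""
    s = url_or_host.strip()
    host = urlparse(s if "//" in s else "//" + s).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(url_or_host, protected=PROTECTED, max_dist=2):
    """Return (verdict, brand, distance) for an ad landing URL or hostname."""
    dom = registrable(url_or_host)
    if dom in protected:
        return ("official", dom, 0)
    for brand in protected:
        # A hyphen makes a new registration that still reads the same,
        # so compare both names with hyphens removed.
        dist = edit_distance(dom.replace("-", ""), brand.replace("-", ""))
        if dist <= max_dist:
            return ("lookalike", brand, dist)
    return ("unrelated", None, None)

# Constructed sample input; only the two .info names come from the article.
SAMPLE = [
    "https://www.blockchain.info/wallet",
    "https://block-clain.info/wallet",
    "https://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(url, classify(url))
```

With hyphens removed, the spoofed name differs from the real one by a single character, so it is flagged even though a plain string comparison sees two edits.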