Pop-ups with NFT – a new way to steal crypto assets

Father

How hackers use thousands of WordPress sites to defraud crypto investors.

MalwareHunterTeam reports that almost 2,000 hacked WordPress sites are being used to display fake pop-ups with NFT offers and discounts. The campaign is aimed at tricking visitors into connecting their crypto wallets to crypto drainers, which automatically steal funds.

The attacks are a follow-up to a previous campaign in which hackers had already compromised about 1,000 sites, using fraudulent ads and YouTube videos to promote their malicious tools. It seems that the initial campaign did not bring the expected success, and the attackers switched to new scripts that turn users' browsers into tools for brute-forcing administrator passwords on other sites.

During the attacks, about 1,700 sites were involved, including well-known ones, such as the site of the Association of Private Banks of Ecuador. The goal was to create a large enough pool of sites for subsequent monetization as part of a larger campaign.

According to MalwareHunterTeam, scammers have started using a pool of sites to display pop-ups with fake NFT offers and discounts on cryptocurrencies. At the moment, it is not known exactly how many sites display such malicious pop-ups, but a Urlscan search shows that more than 2,000 compromised sites have downloaded malicious scripts in the last 7 days.

Examples of pop-ups

Pop-ups encourage victims to connect their wallets in order to mint promising NFTs or receive discounts on the site. When the victim clicks the connect button, the scripts offer to link MetaMask, Safe Wallet, Coinbase, Ledger, and Trust Wallet wallets. In addition, the WalletConnect wallet-connection protocol is supported, which expands the range of potential targets.

Supported Crypto Wallets

As soon as a user connects their wallet to the site, the cryptocurrency drainer steals all funds and NFTs from the account, transferring them to the attackers. It is noted that MetaMask issues a warning when visiting sites infected with such scripts.

Cryptocurrency drainers have become a serious problem for the crypto community, as have hackers who break into well-known accounts and create deepfake videos with ads to promote sites with malicious scripts.

To protect your digital assets from operators of cryptocurrency drainers and other cybercriminals, it is recommended to connect your wallet only to verified platforms. Regardless of the site's reputation, you should be careful when encountering unexpected pop-ups, especially if they do not correspond to the main theme or design of the site.