A new and clever phishing scam has been uncovered, targeting users of the Pudgy Penguins NFT project through Google ads. But what makes this attack particularly alarming is the method behind it—attackers are using trusted ad networks to deceive Web3 wallet users.

How safe are we really in an online world that seems increasingly vulnerable to such threats? Read on to discover how this scam works and why it could pose a serious risk to the crypto community.

How the Scam Was Discovered

According to ScamSniffer, the attack was uncovered after a user complained of being led to a fake Pudgy Penguins site through a Singapore news site. Subsequent research showed that this case is part of a malicious advertising campaign aimed at deceiving Web3 wallet users.

The most worrying part of this attack is the use of Google Ad Network to spread phishing scripts. The ads, hosted on the Adloox tracking domain (.com), contain harmful code that targets Web3 wallets.

How the Attack Works

The malicious code scans users’ browsers for Web3 wallets. If one is found, the user is redirected to a fake Pudgy Penguins site—pudqypenguin[.]com—that is designed to steal wallet credentials. While the attack currently targets Pudgy Penguins users, it could easily be used to target other Web3 projects, making it a significant threat to the broader crypto community.

The attack also reveals vulnerabilities in sites using Prebid.js, a popular header bidding library. If these sites use the Adloox analytics module, they risk running malicious scripts through their ads, which can lead to malware infections.

How to Protect Yourself from Phishing

As a result of this attack, experts are urging users to be extra cautious when interacting with Web3 platforms. To reduce the risk, it’s recommended to use ad blockers, access cryptocurrency-related websites in a separate browser, and always double-check URLs before entering wallet details. ScamSniffer is also a useful tool for detecting and preventing phishing attempts.

Once the campaign was discovered, security researcher ZachXBT immediately alerted Adloox to the issue. As a result, the malicious JavaScript files in Adloox’s CDN were removed, preventing further damage to users.

#BinanceSeason #pengu #SCAMalerts $PENGU