MS Drainer Hackers Thwart AdSense Safeguards, Steal Nearly $59 Million

Yet another wallet drainer has been making the rounds, this time with the help of craftily served advertisements.

Wallet drainers are a type of scam that generally operates by cloning a legitimate website, fooling the target into providing their crypto wallet credentials, and then executing a smart contract that sends the users’ funds to bad actors.

Unlike targeted attacks on exchanges, which would involve actually breaching the security of said sites, drainer scams target either the community of a platform or whales whose internet presence has been tracked down.

Different Monetization Scheme

Generally, a portion of the funds are rerouted directly to the hacker who created the software, a provision encoded into the smart contract that drains the wallet to prevent the attacker from backtracking. No honor among thieves, as they say.

Late last month, Inferno Drainer, a similar tool, shut down after stealing an even larger amount over a period of several months. Both platforms had begun operating during the spring.

However, MS Drainer differs in this regard, selling access to the software for the price of $1,499. Further add-ons to the software can be purchased for an extra couple hundred bucks. If a malicious Blur signature is also requested, it will run the purchaser up another thousand dollars.

Flouting Ad Safety Measures

Although Google checks advertisements submitted to AdSense to prevent scams, illegal products, and so on from being shown to users, these processes are largely automated and thus can be thwarted by those who know their way around these systems. In this case, it seems that region switching was used to avoid detection and slow down any investigations that may have been underway.

Malicious ads have been displayed on X as well ever since the social media network started outsourcing ad space to Google. Zapper, Lido, Defillama, Radiant, and Stargate were all cloned and used in these attacks.

In some cases, not even checking the URL would help, as the ad shown to users displayed the correct link before switching to a misspelled one later on.

In total, nearly $59 million has been stolen from over 63 thousand victims using this software.

Unlike the Inferno team, the malware provider behind this tool has no intention of shutting down anytime soon.

Source: