preloader icon

Recent Blog

blog

MS Wallet Drainer Has Siphoned Over $58 Million Using Google and X Phishing Ads

A recent report from Scam Sniffer, an anti-scam solution, revealed that MS Wallet Drainer, a cryptocurrency malware tool, has managed to siphon over $58 million in crypto since March. The drainer uses Google search and X ads phishing links as a distribution vector and has affected over 63,000 victims as of December 21.

MS Drainer Allows Criminals to Siphon Over $58 Million

A recent report from Scam Sniffer, an anti-scam platform used by several Web3 wallets, has revealed that a certain malware type has managed to siphon over $58 million from cryptocurrency holders. The tool, called MS Wallet Drainer, attacks the cryptocurrency wallets (Ethereum, BNB, and other EVM chains and rollups) of victims using Google and X ads to infect their devices and drain them of any available funds and non-fungible tokens (NFTs).

The malware is distributed using the search results of Google searches for popular cryptocurrency sites and decentralized finance exchanges, such as Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. The same malware was also detected in a series of Ordinals-related X ads, and a recent sampling of X ads on some feeds resulted in more than 60% of the ads leading to sites using the MS Drainer.

The report highlights that these ads use several techniques to obfuscate their purposes and pass advertising audits. For example, they only target certain regions and use redirection to bypass revisions.

One of the victims lost over $24 million in an Ethereum wallet, while another lost over $1 million in Ethereum assets. An investigation revealed that the tool is available in darknet forums with a price of $1,500 for a standard functionality set. While other similar malware tools are fully managed and charge a 20% fee, this one only charges for modules that add additional functionality to the standard package.