Over the weekend, Twitter user and cryptocurrency influencer NFT God revealed that he lost a “life-changing” amount of his net worth after clicking on a malicious Google ad.
The sponsored link seemed harmless, but unbeknownst to NFT God, it pointed to a malware download. He then discovered that his Twitter, Substack, Discord and Gmail accounts had been hijacked by “bad actors”. It gets worse – cybercriminals managed to steal every one of his digital assets as well.
How did this happen?
NFT God spotted an advertisement for popular live-streaming app Open Broadcaster Software (OBS), a software platform favored by Twitch users and YouTube influencers. When he clicked on it, he was prompted to download a fake executable.
“Nothing happened when I clicked on EXE,” NFT God said on Twitter. A few hours later, however, the trouble began. He realized his Twitter had been hacked. “If only that was the last chapter in this story,” lamented NFT God. “Unfortunately, it was only the first.”
Later that day, he found that all his cryptocurrencies and NFTs had been taken from him. “[E]verything was gone. Everything,” he tweeted.
According to BleepingComputer, NFT God likely stumbled upon an information-stealing malware that hijacked his stored browser credentials, cookies, Discord tokens, and digital assets.
Although this malicious ad incident is one of the few that managed to hit the media spotlight in recent times, NFT God is hardly the only victim of this vicious cybercriminal strategy. Cybersecurity firms such as Guardio and Trend Micro called out the Google Ads platform for being a breeding ground for hackers to promote malicious downloads that destroy PCs and ruin victims’ lives.
Apart from OBS, other popular apps that hackers love to impersonate in Google Search include Notepad++, 7-Zip, WinRAR, VLC, CCleaner, Blender, Capcut and more. What’s worse is that sponsored ads usually appear above the official site that hosts the authentic download. Consequently, users who are not paying attention may mindlessly click on the first link they see.
How to avoid being in NFT God’s shoes
First, avoid links marked with the word “Advertisement”. While they may be legitimate, you never know for sure. Read the URL to make sure there are no spelling or typographical errors.
Second, as BleepingComputer suggests, consider getting an ad blocker (e.g., Adblock Plus). “[Ad blockers] can make the difference between losing access to sensitive information or online accounts and obtaining digital resources from legitimate providers.”
It’s worth noting that Google removed the malicious ad that lured NFT God, but you should still keep an eye out for malformed URLs on Google Search.
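The advice to read the URL for spelling errors can be automated for a known set of vendors. The sketch below is an added example, not part of the original article: the allowlist of official domains, the sample URLs and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist the reader maintains for some of the apps named
# above; these official domains are not listed in the article.
OFFICIAL_DOMAINS = ["obsproject.com", "notepad-plus-plus.org", "7-zip.org",
                    "videolan.org", "blender.org"]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url, max_distance=2):
    """Return (verdict, official_domain); verdict is official/lookalike/unknown."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Exact match or a true subdomain of an official domain.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return ("official", domain)
    # Last two labels approximate the registered domain (no public suffix
    # list here). Homoglyph (IDN) lookalikes are out of scope.
    candidate = ".".join(labels[-2:])
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        # Brand name reused on another domain, e.g. as a subdomain prefix.
        if any(brand in label for label in labels):
            return ("lookalike", domain)
        # Misspelling within a few edits of the official domain.
        if edit_distance(candidate, domain) <= max_distance:
            return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real campaign.
    for url in ["https://obsproject.com/download",
                "https://obsprojcet.com/download",
                "https://notepad-plus-plus.org.downloads.example/npp.exe",
                "https://example.org/"]:
        print(url, classify(url))
```

An "unknown" verdict means only that the host resembles nothing on the allowlist; it says nothing about whether the download is safe.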