The post Crypto Scam Alert: Pudgy Penguins NFT Users Targeted by Google Ad Network Phishing appeared first on Coinpedia Fintech News
An elaborate scam has been detected, where attackers are now utilizing ad networks to perpetrate phishing attacks affecting the users of the Pudgy Penguins NFT project.
According to ScamSniffer, the attack was uncovered after a user complained of being led to a fake Pudgy Penguins site through a Singapore news site. Subsequent research showed that this case is part of a malicious advertising campaign aimed at deceiving Web3 wallet users.
The Attack Mechanism That Is Quite Sophisticated
The high novelty of the campaign is that the Google Ad Network is being used to spread phishing messages. These ads run unpleasant scripts stored in the Adloox tracking domain with the extension .com.
In its current form, the code incorporated in the ads searches the users’ browsers for Web3 wallets. If a wallet is found, the user gets transferred to a fake Pudgy Penguins site – pudqypenguin[.]com – which is created only to capture wallet credentials.
Although at this moment, it looks like the creators of this campaign focus on Pudgy Penguins NFT users, it is indicated that the same approach can be used against any other Web3 project. This is why the attack remains worrisome to the general crypto world given the flexibility it promises to attackers.
The attack also reveals that sites using Prebid.js, a header bidding application programming interface library, may be vulnerable. When these sites use the Adloox analytics module, they run the risk of transmitting scripts in the ads to the user, a clear sign of malware existence.
.article-inside-link {
margin-left: 0 !important;
border: 1px solid #0052CC4D;
border-left: 0;
border-right: 0;
padding: 10px 0;
text-align: left;
}
.entry ul.article-inside-link li {
font-size: 14px;
line-height: 21px;
font-weight: 600;
list-style-type: none;
margin-bottom: 0;
display: inline-block;
}
.entry ul.article-inside-link li:last-child {
display: none;
}
Steps Toward Mitigation
As a result of this event, calls for users to be cautious in their interaction with Web3 interfaces have rapidly intensified. To avoid or reduce interaction with such threats, it is suggested to install ad blockers, open cryptocurrency-related sites, and use associated wallets in another browser. Be extremely cautious when entering any wallet directly, and check the URL first. ScamSniffer is another tool that can be used to detect and prevent phishing instances.
After the campaign was exposed, the security researcher ZachXBT was very active in notifying Adloox about the problem. The latest Adloox CDN JavaScript files containing the malicious code were removed preventing more harm to users.
.article_register_shortcode {
padding: 18px 24px;
border-radius: 8px;
display: flex;
align-items: center;
margin: 6px 0 22px;
border: 1px solid #0052CC4D;
background: linear-gradient(90deg, rgba(255, 255, 255, 0.1) 0%, rgba(0, 82, 204, 0.1) 100%);
}
.article_register_shortcode .media-body h5 {
color: #000000;
font-weight: 600;
font-size: 20px;
line-height: 22px;
}
.article_register_shortcode .media-body h5 span {
color: #0052CC;
}
.article_register_shortcode .media-body p {
font-weight: 400;
font-size: 14px;
line-height: 22px;
color: #171717B2;
margin-top: 4px;
}
.article_register_shortcode .media-body{
padding-right: 14px;
}
.article_register_shortcode .media-button a {
float: right;
}
.article_register_shortcode .primary-button img{
vertical-align: middle;
}
@media (min-width: 581px) and (max-width: 991px) {
.article_register_shortcode .media-body p {
margin-bottom: 0;
}
}
@media (max-width: 580px) {
.article_register_shortcode {
display: block;
padding: 20px;
}
.article_register_shortcode img {
max-width: 50px;
}
.article_register_shortcode .media-body h5 {
font-size: 16px;
}
.article_register_shortcode .media-body {
margin-left: 0px;
}
.article_register_shortcode .media-body p {
font-size: 13px;
line-height: 20px;
margin-top: 6px;
margin-bottom: 14px;
}
.article_register_shortcode .media-button a {
float: unset;
}
.article_register_shortcode .secondary-button {
margin-bottom: 0;
}
}
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
.subscription-options li {
display: none;
}
.research-report-subscribe{
background-color: #0052CC;
padding: 12px 20px;
border-radius: 8px;
color: #fff;
font-weight: 500;
font-size: 14px;
width: 96%;
}
.research-report-subscribe img{
vertical-align: sub;
margin-right: 2px;
}
var templateIds = “6”;
var listOfSubscribed = [];
function subscribed_popupmodal(template_id) {
var subcribemodal = document.getElementById(‘subscribe-modal-design’);
if (subcribemodal) {
var modalContent = `
Never Miss a Beat in the Crypto World!
Stay informed and gain the edge you need to navigate the crypto world. Select your subscription now
`;
subcribemodal.innerHTML = modalContent;
}
subscribe_unsubscribe_status(template_id);
//getAllSubscriberCategoryList(template_id);
}
function toggleSubscription(subscription, template_id) {
var subscriptionCheckbox = document.getElementById(subscription + ‘_’ + template_id);
var li = document.getElementById(subscription + ‘Selected_’ + template_id);
if (subscriptionCheckbox.checked) {
li.classList.add(‘active’);
} else {
li.classList.remove(‘active’);
}
}
function getAllSubscriberCategoryList(getcategoryId) {
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘GET’,
data: {
action: ‘subscribe_api_ajax_request’,
apiurl: ‘/app/email_newsletter/list’,
},
success: function(response) {
var result = JSON.parse(response.message);
if (result.status === true) {
var idstosubscribed = []
// Populate listOfSubscribed with subscribed category IDs
result.message.forEach(listofcategory => {
if (listofcategory.subscribe_status === 1) {
if (!listOfSubscribed.includes(listofcategory._id)) {
listOfSubscribed.push(listofcategory._id);
}
if (!idstosubscribed.includes(listofcategory.news_cp_category_row_id)) {
idstosubscribed.push(listofcategory.news_cp_category_row_id);
}
}
});
idstosubscribed.forEach(id => {
var subscribeButton = document.getElementById(‘subscribe_’ + id);
var unsubscribeButton = document.getElementById(‘unsubscribe_’ + id);
if (subscribeButton && unsubscribeButton) {
subscribeButton.style.display = ‘none’;
unsubscribeButton.style.display = ‘block’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘block’;
}
}
});
}
},
error: function(xhr, status, error) {
console.error(‘Error:’, error);
}
});
}
function subscribe_unsubscribe_status(getcategoryId) {
var elementTounsubscribe = document.getElementById(‘unsubscribe_’ + getcategoryId);
var elementTosubscribe = document.getElementById(‘subscribe_’ + getcategoryId);
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘POST’,
data: {
action: ‘subscribe_api_ajax_request’,
apiurl: ‘/app/email_newsletter/list?category_row_id=’ + getcategoryId,
},
success: function(response) {
var result = JSON.parse(response.message);
if (result.status === true) {
jQuery(‘.skeliton-loader-block’).hide();
var hasSubscribeStatusOne = false;
result.message.forEach(subscribeStatus => {
if (listOfSubscribed.includes(subscribeStatus._id) && subscribeStatus.subscribe_status === 1) {
hasSubscribeStatusOne = true;
}
if (subscribeStatus.notification_type === 3) {
document.getElementById(‘monthlySelected_’ + getcategoryId).style.display = ‘block’;
document.getElementById(‘monthly_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
document.getElementById(‘monthly_’ + getcategoryId).checked = true;
}
} else if (subscribeStatus.notification_type === 2) {
document.getElementById(‘weeklySelected_’ + getcategoryId).style.display = ‘block’;
document.getElementById(‘weekly_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
document.getElementById(‘weekly_’ + getcategoryId).checked = true;
}
} else if (subscribeStatus.notification_type === 1) {
document.getElementById(‘dailySelected_’ + getcategoryId).style.display = ‘block’;
document.getElementById(‘daily_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
document.getElementById(‘daily_’ + getcategoryId).checked = true;
}
}
if (subscribeStatus.subscribe_status === 1) {
listOfSubscribed.push(subscribeStatus._id);
}
});
if (hasSubscribeStatusOne) {
elementTosubscribe.style.display = ‘none’;
elementTounsubscribe.style.display = ‘block’;
} else {
elementTosubscribe.style.display = ‘block’;
elementTounsubscribe.style.display = ‘none’;
}
}
},
error: function(xhr, status, error) {
console.error(‘Error:’, error);
}
});
}
function logSelectedSubscriptions(categoryid) {
var unsubscribemodal = document.querySelector(‘.unsubscribed-popup-modal .modal’);
var subscribedmodal = document.querySelector(‘.subscribed-popup-modal .modal’);
unsubscribemodal.innerHTML=”;
subscribedmodal.innerHTML=”;
var selectedSubscriptions = [];
var storeCheckedId = [];
var checkboxes = document.querySelectorAll(‘#subscription-options-‘ + categoryid + ‘ input[type=”checkbox”]’);
var errorMessage = document.getElementById(‘error-message-select’);
// Use a Set to handle unique data-ids
var uniqueSubscribedIds = new Set(listOfSubscribed);
checkboxes.forEach(function(checkbox) {
var dataId = parseInt(checkbox.getAttribute(‘data-id’));
if (checkbox.checked) {
selectedSubscriptions.push(checkbox.id);
storeCheckedId.push(dataId);
} else {
uniqueSubscribedIds.delete(dataId); // Remove unchecked data-id
}
});
// Update listOfSubscribed with unique values
listOfSubscribed = Array.from(uniqueSubscribedIds);
var selectedSubscriptionsString = selectedSubscriptions.join(‘, ‘);
var concatinateSubscribeId = […new Set(storeCheckedId.concat(listOfSubscribed))];
var categoryData = {
‘subscribed_categories’: concatinateSubscribeId
};
var requestSubscriberData = {
action: ‘handle_dynamic_api_request_with_headers’,
security: ’10c0330ef3′,
endpoint: ‘/app/email_newsletter/update_categories’,
token: ”,
data: categoryData
};
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘POST’,
data: requestSubscriberData,
beforeSend: function(xhr) {
xhr.setRequestHeader(‘X-Requested-With’, ‘XMLHttpRequest’);
},
success: function(response) {
try {
response = response.data;
if (storeCheckedId.length === 0) {
var unsubcribedPopUpmodal =
`
You’ve Unsubscribed Successfully
We’re sorry to see you go! Your subscription has been canceled. If you change your mind, you can re-subscribe anytime. Thank you for being part of our community!
`;
unsubscribemodal.innerHTML = unsubcribedPopUpmodal;
document.querySelector(‘#subscribe-modal-design .modal’).style.display = ‘none’;
unsubscribemodal.style.display = ‘block’;
unsubscribemodal.classList.remove(‘hide’);
unsubscribemodal.classList.add(‘show’);
document.getElementById(‘subscribe_’ + categoryid).style.display = ‘block’;
document.getElementById(‘unsubscribe_’ + categoryid).style.display = ‘none’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘none’;
}
} else {
var subscribedPopupModal =
`
Thank you for subscribing!
Thank you for subscribing to our crypto and blockchain newsletter! You’ll now receive the latest news, insights, and updates straight to your inbox. Welcome to our community!
`;
let selectedSubscriptionsArray = selectedSubscriptionsString.split(‘,’);
let subscribedCategories = selectedSubscriptionsArray.map(subscription => subscription.split(‘_’)[0]);
let subscribedCategoriesString = subscribedCategories.join(‘, ‘);
subscribedmodal.innerHTML = subscribedPopupModal;
if (document.getElementById(‘selectidname’)) {
document.getElementById(‘selectidname’).textContent = subscribedCategoriesString;
}
document.querySelector(‘#subscribe-modal-design .modal’).style.display = ‘none’;
subscribedmodal.style.display = ‘block’;
subscribedmodal.classList.remove(‘hide’);
subscribedmodal.classList.add(‘show’);
document.getElementById(‘subscribe_’ + categoryid).style.display = ‘none’;
document.getElementById(‘unsubscribe_’ + categoryid).style.display = ‘block’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘block’;
}
}
} catch (e) {
console.error(‘Error parsing response:’, e);
}
},
});
}
function closeModal(template_id) {
var modalId = template_id;
var modal = document.querySelector(‘#’ + modalId); // Using querySelector to find the modal
if (modal) {
modal.classList.add(‘hide’);
modal.classList.remove(‘show’);
setTimeout(function() {
modal.style.display = ‘none’;
}, 500);
} else {
console.warn(‘Modal not found:’, modalId);
}
}
function closeunsubscribemodal() {
var unsubscribemodal = document.querySelector(‘.unsubscribed-popup-modal .modal’);
if (unsubscribemodal) {
unsubscribemodal.classList.add(‘hide’);
unsubscribemodal.classList.remove(‘show’);
}
setTimeout(function() {
unsubscribemodal.style.display = ‘none’;
}, 500);
}
function closesubscribemodal() {
var subscribedmodal = document.querySelector(‘.subscribed-popup-modal .modal’);
setTimeout(function() {
subscribedmodal.style.display = ‘none’;
}, 500);
if (subscribedmodal) {
subscribedmodal.classList.add(‘hide’);
subscribedmodal.classList.remove(‘show’);
}
}
function withoutLoginClicked(withoutlogin_id) {
localStorage.setItem(‘subscribe_without_Login’, ‘true’);
localStorage.setItem(‘subscribe_clicked_id’, withoutlogin_id);
}
document.addEventListener(‘DOMContentLoaded’, function() {
var templateId = ‘6’;
getAllSubscriberCategoryList([templateId]);
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘GET’,
data: {
action: ‘subscribe_api_ajax_request’,
apiurl: ‘/app/email_newsletter/list’,
},
success: function(response) {
var resultonload = JSON.parse(response.message);
var storeallcategory = resultonload.message;
if (Array.isArray(storeallcategory)) {
// Collect all `news_cp_category_row_id` values and remove duplicates
var allCategoryIds = storeallcategory.map(function(item) {
return String(item.news_cp_category_row_id); // Convert IDs to strings
});
var uniqueCategoryIds = Array.from(new Set(allCategoryIds)); // Get unique IDs
// Convert templateId to a string for comparison
var templateIdStr = String(templateId);
// Check if the templateId is NOT found in the unique category IDs
if (!uniqueCategoryIds.includes(templateIdStr)) {
var idNotMatchTounsubscribe = document.getElementById(‘unsubscribe_’ + templateIdStr);
var idNotMatchTosubscribe = document.getElementById(‘subscribe_’ + templateIdStr);
// Check if elements exist before applying display changes
if (idNotMatchTounsubscribe) {
idNotMatchTounsubscribe.style.display = “none”;
}
if (idNotMatchTosubscribe) {
idNotMatchTosubscribe.style.display = “none”;
}
}
} else {
console.log(“storeallcategory is not an array.”);
}
},
error: function(xhr, status, error) {
console.error(“AJAX request failed:”, status, error);
}
});
const subscribewithoutData = localStorage.getItem(‘subscribe_without_Login’);
const subscribe_clicked_cat_id = localStorage.getItem(‘subscribe_clicked_id’);
// Function to get cookies
function getCookie(name) {
let value = “; ” + document.cookie;
let parts = value.split(“; ” + name + “=”);
if (parts.length == 2) return parts.pop().split(“;”).shift();
}
// Get user token from cookies
const userToken = getCookie(‘user_token’);
if (subscribewithoutData === ‘true’ && userToken) {
// Call the modal function with the category ID
subscribed_popupmodal(subscribe_clicked_cat_id);
// Remove the flag and category ID from localStorage
localStorage.removeItem(‘subscribe_without_Login’);
localStorage.removeItem(‘subscribe_clicked_id’);
}
});
/************************** update susbcriber content **************************** */
function initializeSubscriptionButton() {
var initialListItems = document.querySelectorAll(‘.subscription-options input[type=”checkbox”]’);
initialListItems.forEach(function(item) {
console.log(item.checked, ‘Initial Checkbox checked status’);
});
var listItems = document.querySelectorAll(‘.subscription-options li’);
if (listItems.length === 0) return;
var anyActive = false;
listItems.forEach(function(item) {
var checkbox = item.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
if (checkbox.checked) {
item.classList.add(‘active’);
anyActive = true; // Set anyActive to true
} else {
item.classList.remove(‘active’); // Remove ‘active’ class if checkbox is unchecked
}
}
});
}
function updateButtonText(anyActive) {
var subscribeButtonSpan = document.querySelector(‘.subscribe-submit .changeBtnText’);
if (subscribeButtonSpan) {
if (anyActive) {
subscribeButtonSpan.textContent=”Subscribe Now”;
} else {
subscribeButtonSpan.textContent=”Unsubscribe”;
}
}
}
function updateSubscriptionButton() {
var listItems = document.querySelectorAll(‘.subscription-options li’);
if (listItems.length === 0) return;
var anyActive = false;
listItems.forEach(function(item) {
var checkbox = item.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
if (checkbox.checked) {
item.classList.add(‘active’);
anyActive = true; // Set anyActive to true
} else {
item.classList.remove(‘active’); // Remove ‘active’ class if checkbox is unchecked
}
}
});
// Update the button text based on whether any list item has the ‘active’ class
updateButtonText(anyActive);
}
document.addEventListener(‘click’, function(event) {
var clickedItem = event.target.closest(‘.subscription-options li’);
if (clickedItem) {
var checkbox = clickedItem.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
checkbox.checked = !checkbox.checked;
updateSubscriptionButton();
}
}
});
