Over the weekend, Twitter user and cryptocurrency influencer NFT God revealed that he lost a “life changing” amount of his net worth after clicking on a malicious Google advertisement.
The sponsored link seemed innocuous, but unbeknownst to NFT God, it was a malware-harboring URL waiting to bait victims into privacy-invading chaos. Suddenly, NFT God discovered that his Twitter, Substack, Discord and Gmail were hijacked by “bad actors.” It gets worse — the cybercriminals managed to steal all of his digital assets, too.
How did this happen?
NFT God spotted an advertisement for popular live-streaming app Open Broadcaster Software (OBS), a software platform that’s favored among Twitch users and YouTube influencers. When he clicked it, he was prompted to download a fake executable file.
“Nothing happened when I clicked the EXE,” NFT God said on Twitter. A few hours later, however, turmoil ensued. He realized that his Twitter was hacked. “If only that were the last chapter of this story,” NFT God lamented. “Unfortunately, it was just the first.”
Later that day, he found that all of his cryptocurrencies and NFTs were swiped from him. “[I]t was all gone. Everything,” he tweeted.
According to BleepingComputer, NFT God likely stumbled upon info-stealing malware that snatched his saved browser credentials, cookies, Discord tokens and digital-asset wallets.
Although this malicious-ad incident is one of the few that managed to hit the media spotlight in recent times, NFT God is hardly the sole victim of this vicious cybercriminal stratagem. Cybersecurity firms like Guardio and Trend Micro called out the Google Ads platform for being a breeding ground for hackers to promote malicious downloads that wreck PCs and devastate victims’ lives.
Aside from OBS, other popular apps hackers love to impersonate in Google Search include Notepad++, 7-Zip, WinRAR, VLC, CCleaner, Blender, Capcut, and more. What’s worse is that sponsored ads typically appear before the official page hosting the authentic download. Consequently, if one isn’t paying attention, they may mindlessly click on the first link they see.
How to avoid being in NFT God’s shoes
First, avoid URLs that are tagged with the word “Ad.” Although they may be legitimate, you don’t know for sure. Read the URL to make sure there aren’t any misspellings or typos.
Secondly, as BleepingComputer suggests, consider getting an ad blocker (e.g. Adblock Plus). “[Ad blockers] could make the difference between losing access to your sensitive information or online accounts and getting digital resources from legitimate vendors.”
It’s worth noting that Google removed the malicious ad that baited NFT God, but you should still keep an eye out for ill-intentioned URLs on Google Search.