Compromised websites are an integral part of the cybercrime ecosystem. They are used by cybercriminals to host a wide range of malicious content, including phishing sites, exploit kits, redirects to other malicious sites, and other tools needed to carry out attacks. Why? One reason is because there is an abundance of insecure websites around the world that can be easily compromised. Another reason is because legitimate sites that have only been recently compromised are less likely to be blacklisted by internet browsers and other security measures.
Hackers targeting bitcoin wallet users are once again leveraging Google’s AdWords in their most recent campaigns. Phishlabs has previously seen similar attacks against banks and online gambling sites over the past year. Some of the most recent attacks have targeted Blockchain and Kraken and have been widely blogged and tweeted about over the past week. As seen in the screenshot below, a Google search for “blockchain.info” returns a Google ad for a look alike domain “blockchian.info” (figure 1). Kraken has released a statement via their blog acknowledging the ongoing campaigns and its attempt to mitigate the threat which can be read here.
Figure 1 Sourced https://twitter.com/myetherwallet/status/766360476246618113