Why the first Google result is sometimes the attacker
For most popular search queries, the first one to four results on Google are paid Ads. They sit above the organic results, look almost identical, and carry a small "Sponsored" label that the eye learns to ignore. Whoever pays most for the keyword wins the slot. The auction is open to anyone with a Google Ads account, a credit card, and a landing-page URL that passes an automated review.
Attackers love this surface for three reasons. The slot is high-trust real estate; users assume Google vetted whatever appears at the top. The bid model is cheap relative to the payout: one successful crypto-drainer victim covers thousands of clicks. And Google's review is automated, running primarily on URL string matching and a static page scan. It catches obvious phishing only after the ad has accumulated thousands of impressions, which is more than enough time for the attacker to break even.
The 6 keywords attackers buy most aggressively
The same handful of keyword categories show up in malvertising takedown reports year after year. Cost per click is high because the payoff per victim is high.
1. Wallet downloads: MetaMask, Phantom, Trust Wallet, Rabby
The top of the malvertising food chain. A user typing "metamask download" or "phantom wallet" is about to install a crypto wallet, and the attacker's clone asks for the seed phrase during "setup" or "migration." One victim covers weeks of ad spend. Group-IB flagged wallet-download keywords as the single most aggressively bid category in Web3 malvertising.
2. Bridge and DEX traffic: Uniswap, USDC bridge, Stargate
Users searching for a bridge are about to sign transactions with real funds on the line. A fake bridge captures a wallet connection plus a malicious approval, and the drainer empties tokens directly. The Permit2 variant is covered in our Permit2 deep dive.
3. Exchange and wallet login: Coinbase, Kraken, wallet login
Login keywords are extremely high intent. The victim has credentials in hand. A fake Coinbase login captures username, password, and the 2FA code in real time, and the attacker logs in to the real Coinbase from a separate session.
4. Bank login: Chase, Bank of America, Wells Fargo
The classic non-crypto version. Bank login keywords are some of the most expensive on Google because banks defend them aggressively, but attackers still slot in when Google's review delay creates a window. Captured credentials feed account-takeover fraud or get resold on dark-web markets.
5. Tax season: IRS refund, tax help, EITC
Seasonal. January through April brings a spike in paid ads impersonating the IRS, TurboTax, and H&R Block. The lure is a fake refund or a fake notice of unpaid taxes; the goal is SSN plus bank routing data.
6. Software downloads: Zoom, Notion, Slack, AnyDesk
The non-crypto, non-banking workhorse. A user searches "zoom download," clicks the top ad, and installs a tampered build that ships with an infostealer (RedLine, Vidar, LummaC2) bundled alongside the real app. The 2023 AnyDesk and Brave Browser Google Ads typosquats were covered widely in Bleeping Computer and Ars Technica.
The 30-day attack cycle
The economics only work because rotation is cheap. Here is the playbook documented by Malwarebytes, Group-IB, and Krebs on Security across dozens of campaigns.
- Day 1. Attacker registers a new domain close to the brand ("metamask-wallet.com", "coinbase-login.app") or generic ("secure-download.online"). Cost is under $20, paid with a stolen card or privacy registrar.
- Day 2. Attacker clones the target brand's homepage and submits the Google Ads campaign. Automated review approves within hours because the landing page looks legitimate to a crawler. The bid targets the brand keyword directly.
- Day 3 to Day 14. Ad runs live. Clicks convert at a meaningful rate because the slot, the brand name in the headline, and the "Sponsored" tag all carry trust.
- Day 15 to Day 30. User reports or Google's threat-intel pipeline flags the domain. The ad gets pulled and the domain may be yanked by the registrar. The attacker has already moved most of the proceeds.
- Day 31. Repeat with a freshly registered domain. The drainer kit, redirect chain, and payout wallets are reused.
The attacker only needs the active window to return more than the ad spend plus the throwaway domain cost. Two weeks is plenty.
Real verifiable cases
This is not theoretical. Independent outlets have documented specific campaigns repeatedly.
- January 2023, KeePass. Malicious Google Ads pointed users searching for the KeePass password manager to a punycode-variant clone of keepass.info. The cloned page served a tampered installer. Documented by Bleeping Computer and Malwarebytes.
- 2023, AnyDesk and Brave Browser typosquats. Paid Google Ads led to typosquatted domains serving trojanized installers. Reported by Bleeping Computer, Ars Technica, and the AnyDesk security team's own advisory.
- 2024, Lowe's and Amazon malvertising. Malwarebytes documented Google Ads campaigns impersonating Lowe's and Amazon during the holiday shopping season, with cloned product pages capturing payment card data.
- 2024 ongoing, MetaMask and Phantom drainer ads. Scam Sniffer, CertiK, and SlowMist tracked Google Ads campaigns serving wallet-download clones throughout 2024 and into 2025. Some ran for weeks before removal.
- 2024, US Senate hearing. Krebs on Security covered a January 2024 US Senate Finance Committee hearing where the IRS commissioner specifically called out search-ad impersonation of tax-prep brands as a leading vector for 2024 filing-season fraud.
Google's own annual Ads Safety transparency report acknowledges removing more than 5 billion bad ads each year, a significant share categorized as "trademark impersonation" or "malware." The number Google does not publish is how many impressions each ad served before takedown.
Why Google Ads review fails
Google's review pipeline is mostly automated and mostly static. Attackers know exactly what it checks and design around it.
- URL string match. The review confirms the landing page is reachable and the domain is not on a known-bad list. A domain registered the day before is on no list.
- Static page scan. A Google crawler fetches the landing page once at review time. If that one fetch returns clean content, the ad is approved. The crawler's user agent and IP ranges are public.
- Redirect chains. The ad's "Final URL" can be a benign domain that 301-redirects to the actual phishing page. Review checks the final-URL value, not where the user ends up after redirects fire.
- Cloaking. The most aggressive variant. The landing page serves clean content to anything that looks like Google's review crawler and the drainer page only to real users. Reverse-cloaking has been documented in malvertising since at least 2018 by Confiant and GeoEdge.
The structural problem: review happens once at approval, not continuously while the ad runs. A page that is clean at minute zero and dirty at minute one passes.
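The redirect-chain and cloaking gaps above are both visible to a reviewer who follows every hop and fetches the landing page as a crawler and as a real browser, then compares the two. The script below is an added example (not Google's pipeline and not code from this article) that does exactly that against a constructed in-memory fake web: a benign "Final URL" 301-redirects to a second host that serves clean HTML to the assumed crawler user agent and a seed-phrase form to the assumed browser user agent. Hostnames, user-agent strings, and page bodies are all constructed for the demonstration.

```python
"""Review an ad landing page the way a continuous reviewer would:
follow the whole redirect chain, fetch as crawler and as browser, diff the two.
Added example with a constructed fake web; no real hosts are contacted."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

CRAWLER_UA = "Mozilla/5.0 (compatible; ReviewBot/1.0)"   # assumed review-crawler UA
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0) Chrome/120"   # assumed end-user UA


@dataclass
class Response:
    status: int
    location: Optional[str] = None   # Location header for 3xx answers
    body: str = ""


# Constructed fake web keyed by (url, user agent). The declared Final URL is clean
# and only redirects; the second host cloaks on the user agent.
FAKE_WEB: Dict[Tuple[str, str], Response] = {
    ("https://benign-landing.example/", CRAWLER_UA): Response(301, "https://wallet-setup.example/"),
    ("https://benign-landing.example/", BROWSER_UA): Response(301, "https://wallet-setup.example/"),
    ("https://wallet-setup.example/", CRAWLER_UA): Response(200, body="<h1>Product news</h1>"),
    ("https://wallet-setup.example/", BROWSER_UA): Response(
        200, body="<h1>Restore wallet</h1><textarea name='seed'></textarea>"),
    ("https://honest.example/", CRAWLER_UA): Response(200, body="<h1>Download</h1>"),
    ("https://honest.example/", BROWSER_UA): Response(200, body="<h1>Download</h1>"),
}

REDIRECT_CODES = (301, 302, 303, 307, 308)
# Constructed markers for a credential/seed-harvesting page.
SEED_MARKERS = ("seed", "recovery phrase", "mnemonic")


def fetch(url: str, ua: str) -> Response:
    """Stand-in for an HTTP GET against the constructed fake web."""
    return FAKE_WEB.get((url, ua), Response(404))


def resolve_chain(url: str, ua: str, max_hops: int = 10) -> Tuple[List[str], Response]:
    """Follow Location headers and return every hop plus the terminal response."""
    hops = [url]
    for _ in range(max_hops):
        resp = fetch(url, ua)
        if resp.status in REDIRECT_CODES and resp.location:
            url = resp.location
            hops.append(url)
            continue
        return hops, resp
    raise RuntimeError("redirect chain exceeded %d hops" % max_hops)


def review(final_url: str) -> List[str]:
    """Return the findings a reviewer should raise for an ad's declared Final URL."""
    findings = []
    _, crawler_resp = resolve_chain(final_url, CRAWLER_UA)
    browser_hops, browser_resp = resolve_chain(final_url, BROWSER_UA)

    # Judge where the user actually lands, not the URL typed into the ad form.
    declared_host = urlsplit(final_url).hostname
    landing_host = urlsplit(browser_hops[-1]).hostname
    if landing_host != declared_host:
        findings.append("redirect: declared %s, user lands on %s" % (declared_host, landing_host))

    # Cloaking shows up as a difference between the crawler's and the browser's view.
    if crawler_resp.body != browser_resp.body:
        findings.append("cloaking: crawler and browser views differ")

    # Content check on the view a real user receives.
    if any(m in browser_resp.body.lower() for m in SEED_MARKERS):
        findings.append("seed-phrase prompt on landing page")
    return findings


if __name__ == "__main__":
    for url in ("https://honest.example/", "https://benign-landing.example/"):
        print(url, "->", review(url) or ["clean"])
```

Run once at approval time this catches nothing that has not been deployed yet, which is the article's structural point; the value comes from re-running `review` on a schedule for as long as the ad is live and comparing the findings against the approval-time baseline.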
The 4-second test before clicking any ad
This is the single habit that defeats search-ad phishing across every brand and every keyword.
- Look at the display URL under the ad headline. Every Google ad shows it beneath the title. Is it the exact brand domain (metamask.io, chase.com, zoom.us) or is there extra text ("metamask-wallet.com", "chase-secure-login.com", "zoom-meeting.net")?
- One extra word is a tell. Real brand login and download pages live on the bare brand domain, not on "brand-secure-login.com" or "brand-wallet.app." If you see a hyphen plus an extra word, do not click.
- Type the brand domain manually instead. Skip the ad. Type metamask.io or chase.com or zoom.us directly into the address bar. You bypass the entire search-ad layer.
- If you must use search, scroll past the Sponsored block. The first organic result is usually the real brand for any well-known query, and organic rankings are harder for attackers to manipulate.
The 4 seconds it takes to read the display URL is the cheapest defense in security.
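The display-URL check above can be written down as a small classifier, which also makes the lookalike patterns explicit: hyphenated extra words ("chase-secure-login.com"), the brand name as a subdomain of a stranger's domain ("chase.verify-account.com"), the right name on the wrong TLD, and punycode hosts of the kind used in the KeePass campaign. This is an added example, not code from the article; the brand allowlist is constructed from the domains the article names, and the two-label approximation of a registrable domain is an assumption (a production check should consult the Public Suffix List).

```python
"""Classify the display URL shown under a search ad against a brand allowlist.
Added example; allowlist and test hostnames are constructed for illustration."""
from urllib.parse import urlsplit

# Constructed allowlist of bare brand domains (taken from the article's examples).
BRAND_DOMAINS = {"metamask.io", "chase.com", "zoom.us", "coinbase.com", "keepass.info"}
BRAND_LABELS = {d.split(".")[0] for d in BRAND_DOMAINS}   # "metamask", "chase", ...


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Assumption: good enough for .com/.io/.us; use the Public Suffix List for co.uk etc."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify(display_url: str) -> str:
    """Return 'brand', 'punycode', a 'lookalike: ...' reason, or 'unknown'."""
    url = display_url if "://" in display_url else "https://" + display_url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"

    # Punycode/IDN hosts: either already xn-- or non-ASCII that encodes to xn--.
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "punycode"
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return "punycode"

    reg = registrable_domain(ascii_host)
    if reg in BRAND_DOMAINS:
        return "brand"            # bare brand domain or a legitimate subdomain of it

    labels = ascii_host.split(".")
    reg_label = reg.split(".")[0]          # "chase-secure-login" in chase-secure-login.com
    for brand in BRAND_LABELS:
        if brand == reg_label:
            return "lookalike: wrong tld"          # metamask.app
        if brand in reg_label.split("-"):
            return "lookalike: hyphenated"         # chase-secure-login.com
        if brand in labels[:-2]:
            return "lookalike: brand as subdomain"  # chase.verify-account.com
    return "unknown"


if __name__ == "__main__":
    for sample in ("chase.com", "login.chase.com", "chase-secure-login.com",
                   "chase.verify-account.com", "metamask.app", "xn--keeps-sqb.info",
                   "example.org"):
        print("%-28s %s" % (sample, classify(sample)))
```

Anything other than `brand` is the cue to skip the ad and type the domain by hand; the classifier never tries to decide that a lookalike is harmless, because the article's rule is the same for all of them.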
If you clicked a malicious ad
Speed matters. The action items are the same as for any phishing landing page.
- Within 30 minutes. If you entered card details, call the bank on the number on the back of the card and freeze the card. If you entered a wallet seed phrase, the funds in that wallet are gone; stop using the seed phrase and move assets in any wallet derived from it to a fresh wallet.
- If you connected a wallet and signed anything. Open revoke.cash and revoke every recent token approval. Drainer approvals are usually unlimited and persist until revoked. See the stable.xyz drainer writeup for the typical approval flow, and Pink Drainer 2026 for what replaced it.
- If you ran a downloaded file. Run a full antivirus scan (Malwarebytes, Windows Defender, Sophos Home). Assume browser-saved credentials are compromised and change them from a different device. Infostealers (RedLine, Vidar, LummaC2) often ship inside trojanized installers from search-ad campaigns.
- If you entered a login. Change the password now, turn on a hardware-backed second factor (security key or app-based, not SMS), and check recent account activity for unauthorized sessions.
Report and prevent
Reporting closes specific ads. Prevention closes the category.
- Report the bad ad to Google. Each ad has a small triangle or three-dot menu in the corner. Click it, choose "Report this ad," and submit. Reports feed the trust-and-safety pipeline; several reports speed up takedown materially.
- Use a browser ad blocker. uBlock Origin (Chrome, Firefox, Edge) and AdGuard block the entire Google Ads serving infrastructure. With either active, the Sponsored block does not render, and only organic results show. This single change removes the surface entirely.
- Install a browser-layer phishing scanner. Even with an ad blocker, you still click links from email, Discord, and Twitter that point at the same drainer destinations. SafeBrowz is a free Chrome, Firefox, and Edge extension that recognizes brand-impersonation landing pages, wallet-drainer scripts, and cloned download portals before they render. Pair an ad blocker (removes the ad surface) with SafeBrowz (catches the destination if you ever do click).
- Also report the phishing domain. Submit to the Anti-Phishing Working Group at reportphishing@apwg.org and to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish. Crypto abuse goes to chainabuse.com.
Frequently asked questions
Doesn't Google verify advertisers before letting them buy ads?
Google's Advertiser Identity Verification program exists, but enforcement has gaps. Attackers use shell companies, stolen identities, or compromised existing Ads accounts. Group-IB has documented attackers buying aged Ads accounts on underground forums specifically to bypass identity friction. Verification is not a guarantee that an advertiser is legitimate.
I clicked but did not enter anything. Am I safe?
Mostly. If you only loaded the page and did not enter a seed phrase, password, or card number, and did not run any downloaded file, you are almost certainly fine. A few drainer pages attempt browser exploits, but they target outdated browsers. Update your browser and run an antivirus scan for extra reassurance.
How do I tell a real ad from a fake one when both look identical?
Look at the display URL beneath the ad title. The real Chase ad shows chase.com. A scam version shows chase-secure-login.com or chase.verify-account.com. One extra word or hyphen is the tell. Our broader guide on spotting scam websites in 10 seconds covers the same pattern.
Does using DuckDuckGo or Bing avoid this problem?
Partially. Both also sell paid ads, and malvertising has appeared on both. DuckDuckGo serves ads through Microsoft Advertising, which has had its own trademark-impersonation incidents. The threat surface is smaller because traffic is smaller, but the attack pattern is identical. The 4-second display-URL check applies on every search engine.
Why doesn't Google just ban brand keywords on ads?
Brand keywords are a major revenue category. Competitors bidding on each other's brand names is legal and common across industries, and banning brand bidding outright would cut a meaningful share of Google's ad revenue. Google has a trademark complaint process for affected brand owners, but it is reactive: the brand has to file first.
I downloaded an installer from a Google ad and ran it. What now?
Assume browser-saved credentials, session cookies, wallet extensions, and authentication tokens are compromised. Infostealers like RedLine, Vidar, and LummaC2 are the standard payload in trojanized installers from search-ad campaigns. Run a full antivirus scan. From a different clean device, change every important password, sign out of all sessions, rotate any seed phrases stored in browser-extension wallets, and turn on two-factor authentication everywhere. Consider the machine compromised until a clean reinstall.
Related reading
- The stable.xyz lookalike wallet drainer
- Pink Drainer shutdown and what replaced it in 2026
- Permit2 signature attacks explained
- How to tell if a website is a scam in 10 seconds
Bottom line: The first paid result on Google for a high-value brand keyword is sometimes the attacker. Automated ad review approves cloned landing pages, attackers run them for 2 to 4 weeks until the ad gets pulled, then rotate domains and repeat. The habit that defeats the category is a 4-second look at the display URL under the ad. If it is not the bare brand domain, do not click. Type the brand domain manually. Add an ad blocker like uBlock Origin to remove the ad surface entirely, and pair it with a browser-layer scanner like SafeBrowz to catch the destination page if you ever do click through.