Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.

According to blockchain threat analysts at ScamSniffer, they discovered over ten thousand phishing websites using the drainer from March 2023 to today, with spikes in the activity observed in May, June, and November.

Users are taken to a legitimate-appearing phishing website and tricked into approving malicious contracts, allowing the drainer to automatically perform unauthorized transactions and transfer the victim's money to the attacker's wallet address.

The source code for MS Drainer is sold to cybercriminals for $1,500 by a user named 'Pakulichev' or 'PhishLab,' who also charges a 20% fee on any funds stolen with the toolkit. PhishLab also sells extra modules that add new features to the malware, costing between $500 and $1,000.

According to blockchain data on MS Drainer's activity, one of its Ethereum-chain victims lost $24 million worth of cryptocurrency, while other notable cases involve victims losing between $440,000 and $1.2 million.