The security team Scam Sniffer has issued a security alert, reminding users to be alert to fraudulent activities conducted through counterfeit websites. Recently, a user was directed to a fake @ pudgypenguins website through a news portal in Singapore. After investigation, it was found that this was part of a large-scale malicious advertising campaign. The specific process of the attack is: malicious ads are placed through the Google advertising network, and the ads load suspicious code from Adloox, which detects whether the user has a Web3 wallet. If a wallet is detected, the user will be redirected to the counterfeit website pudtypenguin [.] com. At present, the main target is users of @ pudgypenguins, but this method can be easily applied to other projects. It suggests that users should take the following measures: enable ad blockers, access cryptocurrency related websites using a dedicated browser, verify URLs three times before connecting to wallets, and install the ScamSniffer plugin.