On July 31st, according to FinanceFeeds, cybersecurity firm Check Point revealed that since March 2024, a large-scale malware campaign dubbed "JSCEAL" has potentially reached over 10.00 million users through fake advertisements for popular cryptocurrency applications like Binance and MetaMask. These ads trick users into downloading programs carrying malicious code capable of stealing passwords, Telegram accounts, and Bitcoin wallet information.The attack was spread through social media ads and phishing websites. The malware can log keystrokes, steal saved browser passwords, and tamper with encryption plugins like MetaMask to directly steal assets. It uses JavaScript obfuscation and anti-detection techniques, making it difficult for conventional security tools to detect. At least 3.50 million users in the EU have been exposed to related ads, with Asia also being a significant area of concern. Experts point out that while ad exposure does not guarantee actual infection, the irreversible nature of cryptocurrency transactions makes the scale of the threat worthy of attention. Users are advised to download applications only through official channels and enable protective measures such as two-factor authentication. [PANews]

Malware "JSCEAL" fakes cryptocurrency app ads and may have reached over 10 million users

Security firm Check Point warns of a malware named JSCEAL that has been impersonating crypto platforms to lure in millions of victims to steal crypto related data, how does it work? In a recent blogpost, Check Point Research notified crypto traders of a fairly novel threat online that specifically targets crypto-related data by impersonating approximately 50 crypto platforms, including Binance, MetaMask, eToro, DEX Screener, Monero, Kraken, and many more. The malware called JSCEAL has been active since March 2024, with limited activity but has evolved into a more complex operation. “In the campaign’s latest phase, the threat actors acquired a large number of domains and adopted distinctive techniques to evade detection, including sometimes avoiding deploying the final payload,” wrote the security firm. The malicious software campaign produces crypto firm advertisements to lure in victims. When they click on the ads, they are led to “decoy websites” that direct them to install fake applications”, believing them to be the real crypto platforms used for trading. In the meantime, the malicious actors infiltrate the victim’s system and steal their crypto-related data. “During the first half of 2025, threat actors promoted around 35,000 malicious advertisements, which led to a few million views in the EU alone,” wrote Check Point in its blogpost. According to the security firm’s estimations, each ad was able to reach at least 100 users in the European Union. That means with 35,000 ads, the hackers were able to reach 3.5 million users within the EU alone. Meanwhile, the firm has not accounted for users outside the EU. Considering that the social media user base worldwide is much larger than the EU’s, the security firms concludes that “the global reach could easily exceed 10 million [people].” According to the blogpost, the latest version of the malware campaign deploys what is called a “unique anti-evasion methods” which makes it difficult to detect. By using a fake website that directs them to install the malware directly into their devices, the security firm said the double-layered method “significantly complicates analysis and detection efforts.” JSCEAL uses the programming language JavaScript, as well as what the security firm considers “combination of compiled code and heavy obfuscation.” This way, the victim does not need to trigger the code to make it run. Moreover, the campaign’s main purpose is to steal information from the infested device and send it to the main hacker’s server. Based on the firm’s analysis, the attackers gather “extensive machine information,” which include location, autocomplete passwords, network details, email information and proxy configuration. In addition, if the attackers deem the victim to be valuable, they will add an additional code that can download and execute the “final payload” to steal more data and possibly erase any and all traces of the malware from the victim’s system. However, users can still use anti-malware software to detect malicious executions and stop ongoing attacks on already-infected device. [Check Point]

Malware masquerading as major crypto firms targets over 10M people worldwide

On July 31, security company Check Point stated that its researchers recently discovered a large-scale malicious campaign called JSCEAL. Attackers are exploiting compiled JavaScript files through the Node.js platform to target crypto users. The campaign has been active since March 2024, with attackers using fake advertisements to trick users into downloading and installing malicious programs disguised as nearly 50 mainstream crypto trading applications.

In the first half of 2025, there were approximately 35,000 such malicious advertisements, gaining millions of impressions in the EU region alone. The attack process is multi-layered and has strong anti-detection capabilities, enabling it to steal sensitive information such as user credentials and wallets, as well as providing remote control, keylogging, and browser traffic hijacking functions. The research points out that the detection rate of this malware is extremely low, and some variants have not been recognized by mainstream antivirus software for a long time. Users are advised to be vigilant and avoid downloading cryptocurrency applications through unofficial channels. [BlockBeats]

NODE

Security firm Check Point: Beware of large-scale JSCEAL malicious activity targeting crypto users

Security company Check Point announced that its researchers recently discovered a large-scale malicious campaign named JSCEAL. Attackers exploited a Node.js platform using compiled JavaScript files to target cryptocurrency users. The campaign has been active since March 2024, and attackers have been inducing users to download and install malicious programs posing as nearly 50 mainstream cryptocurrency trading apps through fake advertisements.

In the first half of 2025, around 35,000 malicious ads were related to this campaign, with millions of impressions in the EU alone. The attack process is multi-layered with strong anti-detection capabilities, capable of stealing user credentials, wallets, and other sensitive information. It also has functionalities such as remote control, keylogging, and browser traffic hijacking. The research highlighted that this malicious program has a very low detection rate, and some variants have remained unidentified by mainstream antivirus software for an extended period. Users are advised to remain vigilant and avoid downloading cryptocurrency apps from unofficial sources. [BlockBeats]

Security Company Check Point: Beware of JSCEAL Malware Activity Targeting Cryptocurrency Users

On July 31, security company Check Point stated that its researchers recently discovered a large-scale malicious campaign called JSCEAL. Attackers are using compiled JavaScript files through the Node.js platform to target crypto users. The campaign has been active since March 2024, with attackers using fake advertisements to trick users into downloading and installing malicious programs disguised as nearly 50 mainstream crypto trading applications.

In the first half of 2025, there were approximately 35,000 malicious advertisements, gaining millions of impressions in the EU region alone. The attack process is multi-layered and has strong anti-detection capabilities, capable of stealing sensitive information such as user credentials and wallets, as well as remote control, keylogging, and browser traffic hijacking functions. The research points out that the detection rate of this malware is extremely low, and some variants have not been identified by mainstream antivirus software for a long time, reminding users to be vigilant and avoid downloading cryptocurrency applications through unofficial channels. [BlockBeats]

Security firm Check Point reports that researchers have recently discovered a large-scale malicious campaign called JSCEAL, in which attackers use compiled JavaScript files via the Node.js platform to target crypto users. The campaign has been active since March 2024, with attackers using fake ads to trick users into downloading and installing malicious programs disguised as nearly 50 mainstream crypto trading apps. In the first half of 2025, there were approximately 35,000 such malicious ads, gaining millions of impressions in the EU alone. The attack process is multi-layered, with strong anti-detection capabilities, capable of stealing user credentials, wallets, and other sensitive information, as well as remote control, keylogging, and browser traffic hijacking functions. The research points out that the detection rate of this malware is extremely low, and some variants have not been recognized by mainstream antivirus software for a long time, reminding users to be vigilant and avoid downloading cryptocurrency applications through unofficial channels. [Foresight News]

PANews reported on July 31st that cybersecurity company Check Point reported that researchers recently discovered a large-scale malicious campaign called JSCEAL, in which attackers exploited the Node.js platform using compiled JavaScript files to target cryptocurrency application users. This campaign has been active since March 2024, with attackers using fake advertisements to trick users into downloading and installing malicious programs impersonating nearly 50 major cryptocurrency trading applications. In the first half of 2025, approximately 35,000 related malicious advertisements were posted, garnering millions of impressions in the EU alone. The attack process is multi-layered and possesses strong anti-detection capabilities, capable of stealing sensitive information such as user credentials and wallets, and possessing remote control, keylogging, and browser traffic hijacking capabilities. Research indicates that the detection rate of this malicious program is extremely low, and some variants have long remained unrecognized by mainstream antivirus software. Users are reminded to remain vigilant and avoid downloading cryptocurrency applications through unofficial channels. [PANews]

Security firm warns of JSCEAL malicious activity targeting cryptocurrency users on a large scale

Security firm Check Point warns that malware called "JSCEAL," active since March 2024, has been impersonating nearly 50 popular crypto applications such as Binance, MetaMask, and Kraken. It uses advertisements to trick users into downloading Trojan programs, potentially affecting over ten million people worldwide. This Trojan, written in JavaScript and equipped with anti-detection mechanisms, can steal wallet information, account passwords, Telegram data, and browser cookies, primarily spreading through advertisements on platforms like Facebook. [Cointelegraph]

Malware called "JSCEAL" masquerades as a crypto app to implant Trojan viruses, potentially affecting over ten million people.

According to Cointelegraph, security firm Check Point warns that malware called "JSCEAL," active since March 2024, has been impersonating nearly 50 popular crypto applications such as Binance, MetaMask, and Kraken to induce users to download Trojan programs via advertising, potentially affecting over ten million people worldwide. The Trojan uses JavaScript and has anti-detection mechanisms, allowing it to steal wallet information, account passwords, Telegram data, and browser cookies, mainly spreading through advertising on platforms such as Facebook. [ChainCatcher]

Security firm: Malware called "JSCEAL" impersonates crypto apps to implant Trojan viruses, potentially affecting over 10 million people

Security firm Check Point warns that malware called "JSCEAL," active since March 2024, has been impersonating nearly 50 popular crypto apps such as Binance, MetaMask, and Kraken to trick users into downloading trojan programs via advertising, potentially affecting over ten million people worldwide. The trojan uses JavaScript and has anti-detection mechanisms, allowing it to steal wallet information, account passwords, Telegram data, and browser cookies, mainly spreading through advertising on platforms such as Facebook. (Cointelegraph) [Odaily]

<div>
<p>On July 31, according to Cointelegraph, Check Point Research revealed that a malware campaign codenamed "JSCEAL" is impersonating nearly 50 popular cryptocurrency trading applications worldwide, including Binance, MetaMask, and Kraken. The campaign has been active since March 2024, enticing users to download fake applications containing malware through malicious advertisements.</p>
<p>Research shows that 35,000 malicious ads have been placed in the first half of 2025, affecting millions of users in the EU alone. The malware employs unique anti-detection techniques, capable of collecting sensitive data such as user keyboard input, Telegram account information, and autofill passwords, and can manipulate cryptocurrency-related browser plugins. Experts recommend using anti-malware that can detect malicious JavaScript execution to effectively prevent such attacks.</p>
</div> [Techflow]

Cybersecurity firm: "JSCEAL" malware campaign impersonates over 50 well-known crypto apps, putting over 10 million users worldwide at risk

Over 10 million have been potentially targeted by a malware campaign designed to steal crypto and credentials, say cybersecurity researchers at Check Point.

Crypto users warned as ads push malware-laden crypto apps

据FinanceFeeds报道，2024年7月31日，网络安全公司Check Point披露，自2024年3月以来，一场名为“JSCEAL”的大规模恶意软件活动通过伪装成热门加密货币应用如Binance和MetaMask的虚假广告，潜在影响超过1000万用户。这些广告诱导用户下载含有恶意代码的程序，能够窃取密码、Telegram账户及Bitcoin钱包信息。此次攻击通过社交媒体广告和钓鱼网站传播。该恶意软件可以记录按键、窃取浏览器保存的密码，并篡改如MetaMask等加密插件，直接盗取资产。它采用JavaScript混淆和反检测技术，使传统安全工具难以发现。欧盟地区至少有350万用户接触过相关广告，亚洲也是主要受影响区域之一。专家指出，虽然广告曝光并不意味着一定感染病毒，但鉴于加密货币交易的不可逆性，该威胁规模值得重视。建议用户仅通过官方渠道下载应用，并启用双重身份验证等保护措施。[PANews]

恶意软件“JSCEAL”伪造加密货币应用广告，可能已影响超过1000万用户

據FinanceFeeds報道，2024年7月31日，網絡安全公司Check Point披露，自2024年3月以來，一場名爲“JSCEAL”的大規模惡意軟件活動通過僞裝成熱門加密貨幣應用如Binance和MetaMask的虛假廣告，潛在影響超過1000萬用戶。這些廣告誘導用戶下載含有惡意代碼的程序，能夠竊取密碼、Telegram賬戶及Bitcoin錢包信息。此次攻擊通過社交媒體廣告和釣魚網站傳播。該惡意軟件可以記錄按鍵、竊取瀏覽器保存的密碼，並篡改如MetaMask等加密插件，直接盜取資產。它採用JavaScript混淆和反檢測技術，使傳統安全工具難以發現。歐盟地區至少有350萬用戶接觸過相關廣告，亞洲也是主要受影響區域之一。專家指出，雖然廣告曝光並不意味着一定感染病毒，但鑑於加密貨幣交易的不可逆性，該威脅規模值得重視。建議用戶僅通過官方渠道下載應用，並啓用雙重身份驗證等保護措施。[PANews]