Security firm Check Point: Beware of large-scale JSCEAL malicious activity targeting crypto users

Security firm Check Point reports that researchers have recently discovered a large-scale malicious campaign called JSCEAL, in which attackers use compiled JavaScript files via the Node.js platform to target crypto users. The campaign has been active since March 2024, with attackers using fake ads to trick users into downloading and installing malicious programs disguised as nearly 50 mainstream crypto trading apps. In the first half of 2025, there were approximately 35,000 such malicious ads, gaining millions of impressions in the EU alone. The attack process is multi-layered, with strong anti-detection capabilities, capable of stealing user credentials, wallets, and other sensitive information, as well as remote control, keylogging, and browser traffic hijacking functions. The research points out that the detection rate of this malware is extremely low, and some variants have not been recognized by mainstream antivirus software for a long time, reminding users to be vigilant and avoid downloading cryptocurrency applications through unofficial channels. [Foresight News]