Security Company Check Point: Beware of JSCEAL Malware Activity Targeting Cryptocurrency Users

Security company Check Point announced that its researchers recently discovered a large-scale malicious campaign named JSCEAL. Attackers exploited a Node.js platform using compiled JavaScript files to target cryptocurrency users. The campaign has been active since March 2024, and attackers have been inducing users to download and install malicious programs posing as nearly 50 mainstream cryptocurrency trading apps through fake advertisements.

In the first half of 2025, around 35,000 malicious ads were related to this campaign, with millions of impressions in the EU alone. The attack process is multi-layered with strong anti-detection capabilities, capable of stealing user credentials, wallets, and other sensitive information. It also has functionalities such as remote control, keylogging, and browser traffic hijacking. The research highlighted that this malicious program has a very low detection rate, and some variants have remained unidentified by mainstream antivirus software for an extended period. Users are advised to remain vigilant and avoid downloading cryptocurrency apps from unofficial sources. [BlockBeats]