Security firm Check Point: Beware of large-scale JSCEAL malicious activity targeting crypto users

On July 31, security company Check Point stated that its researchers recently discovered a large-scale malicious campaign called JSCEAL. Attackers are exploiting compiled JavaScript files through the Node.js platform to target crypto users. The campaign has been active since March 2024, with attackers using fake advertisements to trick users into downloading and installing malicious programs disguised as nearly 50 mainstream crypto trading applications.

In the first half of 2025, there were approximately 35,000 such malicious advertisements, gaining millions of impressions in the EU region alone. The attack process is multi-layered and has strong anti-detection capabilities, enabling it to steal sensitive information such as user credentials and wallets, as well as providing remote control, keylogging, and browser traffic hijacking functions. The research points out that the detection rate of this malware is extremely low, and some variants have not been recognized by mainstream antivirus software for a long time. Users are advised to be vigilant and avoid downloading cryptocurrency applications through unofficial channels. [BlockBeats]