Malware "JSCEAL" fakes cryptocurrency app ads and may have reached over 10 million users

On July 31st, according to FinanceFeeds, cybersecurity firm Check Point revealed that since March 2024, a large-scale malware campaign dubbed "JSCEAL" has potentially reached over 10.00 million users through fake advertisements for popular cryptocurrency applications like Binance and MetaMask. These ads trick users into downloading programs carrying malicious code capable of stealing passwords, Telegram accounts, and Bitcoin wallet information.The attack was spread through social media ads and phishing websites. The malware can log keystrokes, steal saved browser passwords, and tamper with encryption plugins like MetaMask to directly steal assets. It uses JavaScript obfuscation and anti-detection techniques, making it difficult for conventional security tools to detect. At least 3.50 million users in the EU have been exposed to related ads, with Asia also being a significant area of concern. Experts point out that while ad exposure does not guarantee actual infection, the irreversible nature of cryptocurrency transactions makes the scale of the threat worthy of attention. Users are advised to download applications only through official channels and enable protective measures such as two-factor authentication. [PANews]