- Check Point finds thousands of ads promoting fake crypto applications
- The applications come bundled with infostealer malware
- The infostealer can bypass most antivirus protections
Cryptocurrency users are being targeted by a highly sophisticated and widespread cyber campaign that aims to deploy malware capable of obtaining exchange and wallet information, essentially stealing people's tokens, Check Point experts have warned.
Apparently active since March 2024, the campaign, dubbed JSCEAL by the researchers, is unique in its use of compiled JavaScript (JSC) files, which allows the malware to remain hidden from most traditional antivirus solutions.
The criminals created fake cryptocurrency exchange and wallet applications, which come with an infostealer. They also created websites to host these applications and managed to buy thousands of ads on the internet to promote the scam. Check Point says that in the European Union (EU) alone, 35,000 malicious ads were served between January and June 2025.
JSCEAL malware
“The use of the Facebook Ads Library allowed us to estimate the scope of the campaign, while in a very conservative approach we can estimate the total scope of the spoiled campaign at 3.5 million users within the EU alone, and probably more than 10 million users worldwide,” the researchers explained.
People who fall for the scam download an MSI installer that triggers “a sequence of profile scripts” that collect critical information from the system. These scripts also use PowerShell commands to collect and exfiltrate data, in preparation for the final deployment of the payload.
This final payload is the JSCEAL malware, which steals crypto-related data, such as credentials and private keys. The payload is executed through Node.js, the researchers said.
What makes this malware particularly dangerous is the use of compiled JavaScript files.
“The JSCEAL campaign uses compiled JavaScript files (JSC), a lesser-known feature of Google’s V8 engine that allows the obfuscation and evasion of static analysis,” the researchers added.
“This innovative technique allows attackers to avoid detection systems, which makes it extremely difficult to detect the malicious code until it is executed. JSCEAL is remarkable for its scale, technical complexity and persistence, since it has evolved significantly since its discovery.”
Even today, many versions of the malware remain undetected by common security tools.
Anyone concerned that their data may be at risk should make sure their antivirus protections are up to date. We have rounded up the best free antivirus software and, for those who prefer Apple technology, the best Mac antivirus software.