A highly developed malware threat called “JSCEAL” has been impersonating nearly 50 leading cryptocurrency apps such as Binance, MetaMask, and Kraken to target crypto users worldwide.
According to the cybersecurity firm Check Point Research, the campaign began in March 2024 and relies mostly on fake ads, primarily on the likes of Facebook, to lure the victims.
Once victims click on these ads, they are directed to copies of the original crypto platforms on spurious websites.
Once the seemingly authentic apps are downloaded, victims unknowingly install a JavaScript-based trojan, which begins to collect personal data in the background as soon as it is installed.
Over 10 Million People at Risk from Fake Crypto App Ads
Check Point estimates that over 10 million people worldwide have likely been hit by such offensive ads, and over 3.5 million occasions were associated with people in the European Union itself.
The report indicates that 35,000 malicious ads were utilized in the first half of 2025. These ads also targeted users within Asia, where social media usage and adoption of crypto is traditionally high.
Though exact victim numbers are unclear, the widespread exposure from advertisements coupled with the continuous refinement of the campaign implies a severe, mass-scale threat that could spread further unless acted on quickly by users and platform administrators.
Also Read: Lumma Malware Network Taken Down By Global Forces, Cutting Off Crypto Thefts
JSCEAL’s Advanced Anti-Detection Techniques Complicate Cybersecurity Response
One of the most concerning aspects of JSCEAL malware is the fact that it has extremely effective anti-detection mechanisms.
The Trojan operates through a combination of JavaScript compilation and obfuscation techniques, which make it invisible to standard antivirus detection programs.
The malware aims to deceive victims into downloading the malware from what appears to be the source, and the fake app even opens up a legitimate crypto website to maintain the farce.
However, the malware stealthily runs processes that gather significant user data, including keyboard inputs (keylogging), Telegram account details, and browser cookies.
The aim is to hijack wallet extensions and logins unbeknownst to the victim.
Also Read: South Korea’s SK Telecom Suffers Malware Attack, Bithumb on Alert for USIM Forgery
Malware’s Primary Goal: Steal Passwords, Wallet Info, and Crypto-Related Details
The primary goal of the JSCEAL malware is to gather as much sensitive data from the infected device as it can.
The malware attacks login credentials, Telegram auth information, browser session cookies, and auto-completed passwords.
In other cases, it also targets browser-based cryptocurrency wallet extensions like MetaMask, providing attackers with potential access to entire portfolios.
The use of JavaScript makes the malware able to execute its functions without the direct engagement of the user. This factor makes it especially unsafe for less tech-savvy victims.
Check Point indicates that only top-tier anti-malware software with the capability to recognize JavaScript-based attacks can effectively block or remove this malware upon infection.
Wider Trend: Crypto Space Is Faced with Rising Malware Threats in 2024–2025
The JSCEAL campaign is just one facet of a broader wave of malware threats that are plaguing the crypto space throughout all of 2024 and into 2025.
Earlier in April, a malware called “Crocodilus” disguised itself as crypto apps to trick Android users into relinquishing their wallet seed phrases.
On the 11th of April, researchers at ReversingLabs unearthed npm-based malware that compromised users of Atomic Wallet and Exodus by hiding trojans within bundles of software.
In a recent development, SentinelLabs reported on July 3rd that North Korean hackers led the Apple-targeting NimDoor malware campaign.
The crypto sector continues to be a top target for increasingly complex crypto attacks, and users must remain vigilant and well-protected.
Also Read: ReversingLabs Uncovers npm-Based Malware Targeting Crypto Users Via Atomic Wallet & Exodus