A new cyber threat campaign dubbed JSCEAL has been uncovered by Check Point Research, targeting cryptocurrency users through deceptive advertisements promoting counterfeit trading apps. Since early 2024, attackers have served over 35,000 malicious ads—primarily in the EU—leading victims to download malware disguised as legitimate MSI installers. This malware uses compiled V8 JavaScript (JSC) to stay hidden from standard security systems and is delivered in a multi-stage process involving profiling scripts and final payload deployment. Once installed, the malware can steal sensitive data like login credentials and wallet information using the Node.js framework.
The attack’s modular structure allows it to evolve, evading detection and adapting new techniques as needed. With an estimated reach of over 10 million users globally, JSCEAL underscores the growing danger of advanced malvertising campaigns. Strengthening crypto app security and using advanced threat detection tools like Check Point’s solutions are essential to counter such evolving threats.
Read more...