A cybercriminal campaign, called JSCEAL, is targeting cryptocurrency users by deploying malware to steal exchange and wallet information. Active since March 2024, this campaign uses compiled JavaScript files to evade detection by traditional antivirus solutions. Fraudulent apps and websites were created, supported by thousands of malicious ads, with 35,000 served in the EU alone. Victims download an MSI installer that executes profiling scripts to gather essential data. The final payload, executed via Node.js, is designed to steal crypto-related credentials and private keys, marking a significant risk for users.
Cryptocurrency users are being targeted by a highly sophisticated, widespread cybercriminal campaign with the goal of deploying malware capable of grabbing exchange and wallet information.
Check Point says that just in the European Union (EU), 35,000 malicious ads were served between January and June 2025.
People who fall for the scam download an MSI installer that triggers a sequence of profiling scripts, which gather critical system information.
What makes this malware particularly dangerous is the use of compiled JavaScript files.