According to PANews, cybersecurity company Check Point has identified a significant malicious campaign named JSCEAL, targeting cryptocurrency application users through the Node.js platform. This campaign, active since March 2024, involves attackers using fake advertisements to trick users into downloading malicious programs disguised as nearly 50 mainstream cryptocurrency trading applications. In the first half of 2025, approximately 35,000 related malicious ads were circulated, garnering millions of views in the EU alone.
The attack process is multi-layered, exhibiting strong anti-detection capabilities. It can steal sensitive information such as user credentials and wallets, and it includes features for remote control, keylogging, and browser traffic hijacking. Research indicates that the detection rate for this malware is extremely low, with some variants going undetected by mainstream antivirus software for extended periods. Users are advised to remain vigilant and avoid downloading cryptocurrency applications from unofficial sources.