BlockBeats News, July 31: Security company Check Point reported that its researchers recently discovered a large-scale malicious campaign named JSCEAL, in which attackers use compiled JavaScript files run on the Node.js platform to target cryptocurrency users. The campaign has been active since March 2024, with attackers using fake advertisements to lure users into downloading malicious programs that masquerade as nearly 50 mainstream cryptocurrency trading applications.
In the first half of 2025, there were about 35,000 related malicious advertisements, which were viewed millions of times in the EU region alone. The attack chain is multi-layered and has strong anti-detection capabilities. The malware can steal sensitive information such as user credentials and wallets, and it also supports remote control, keylogging, and browser traffic hijacking. The research indicates that the detection rate of this malware is extremely low, with some variants remaining unrecognized by mainstream antivirus software for extended periods. Users are reminded to stay vigilant and avoid downloading cryptocurrency applications through unofficial channels.