Security firm warns of JSCEAL malicious activity targeting cryptocurrency users on a large scale

PANews reported on July 31st that cybersecurity company Check Point reported that researchers recently discovered a large-scale malicious campaign called JSCEAL, in which attackers exploited the Node.js platform using compiled JavaScript files to target cryptocurrency application users. This campaign has been active since March 2024, with attackers using fake advertisements to trick users into downloading and installing malicious programs impersonating nearly 50 major cryptocurrency trading applications. In the first half of 2025, approximately 35,000 related malicious advertisements were posted, garnering millions of impressions in the EU alone. The attack process is multi-layered and possesses strong anti-detection capabilities, capable of stealing sensitive information such as user credentials and wallets, and possessing remote control, keylogging, and browser traffic hijacking capabilities. Research indicates that the detection rate of this malicious program is extremely low, and some variants have long remained unrecognized by mainstream antivirus software. Users are reminded to remain vigilant and avoid downloading cryptocurrency applications through unofficial channels.