Krutika Adani
Cybersecurity firm Check Point has flagged a malware campaign, “JSCEAL,” targeting crypto users via ads impersonating trusted apps like Binance and MetaMask. Over 10 million people could be affected.
Malicious ads redirect users to fake but convincing websites. These sites download malware that mimics nearly 50 real crypto apps while secretly stealing user data.
Utilising advanced anti-evasion tactics and JavaScript-based code, the malware operates silently, bypassing detection without requiring user input. It simultaneously opens legit app pages to trick victims.
The malware scoops up sensitive info like passwords, Telegram credentials, browser cookies, and crypto extension data — compromising user wallets and identities.
Install anti-malware tools that scan for malicious JavaScript. Always download crypto apps from official stores and avoid clicking on ads, especially those mimicking trading platforms