Subj : Major new malware strain targets crypto users via malicious ads - To : All From : TechnologyDaily Date : Wed Jul 30 2025 18:30:08 Major new malware strain targets crypto users via malicious ads - here's what we know, and how to stay safe Date: Wed, 30 Jul 2025 17:23:00 +0000 Description: Malware went undetected on many antivirus products, so be careful what you're downloading. FULL STORY ======================================================================Check Point finds thousands of ads promoting fake crypto apps The apps come with an infostealer malware targeting users The infostealer can bypass most antivirus protections Cryptocurrency users are being targeted by a highly sophisticated, widespread cybercriminal campaign with the goal of deploying malware capable of grabbing exchange and wallet information, essentially robbing the people of their tokens, experts from Check Point have warned. Apparently active since March 2024, what makes this campaign, dubbed JSCEAL by the researchers, unique is the use of compiled JavaScript files (JSC), which allows the malware to remain hidden from most traditional antivirus solutions. The criminals created fake cryptocurrency exchange and wallet apps, which come with an infostealer. They also created websites to host these apps, and managed to purchase thousands of advertisements on the internet to promote the scam. Check Point says that just in the European Union (EU), 35,000 malicious ads were served between January and June 2025. JSCEAL malware The use of Facebooks Ad Library enabled us to estimate the campaigns reach, while in a very conservative approach we can estimate the total reach of the malvertising campaign at 3.5 million users within the EU alone, and likely above 10 million users worldwide, the researchers explained. People who fall for the scam download an MSI installer which triggers a sequence of profiling scripts that gather critical system information. These scripts also use PowerShell commands to collect and exfiltrate data, in preparation of the final payload deployment. This final payload is the JSCEAL malware, which steals crypto-related data such as credentials and private keys. The payload is executed through Node.js, it was said. What makes this malware particularly dangerous is the use of compiled JavaScript files. The JSCEAL campaign uses compiled V8 JavaScript (JSC) files, a lesser-known feature of Googles V8 engine that enables code obfuscation and evasion of static analysis, the researchers added. This innovative technique allows attackers to bypass detection systems, making it extremely challenging to detect the malicious code until it executes. JSCEAL is notable for its scale, technical complexity, and persistence, having evolved significantly since its discovery. Even today, many versions of the malware remain undetected by common security tools. Anyone concerned their data may be under threat should ensure their antivirus protections are up to date - we've rounded up the best free antivirus software around - and for those who prefer using Apple technology, also the best Mac antivirus software . You might also like This dangerous new malware is hitting iOS and Android phones alike - and it's even stealing photos and crypto Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/major-new-malware-strain-targets-crypto -users-via-malicious-ads-heres-what-we-know-and-how-to-stay-safe --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .