- Check Point finds thousands of advertisements promoting fake cryptocurrency applications
- The applications are delivered with infostealer malware that targets users
- The infostealer can bypass most antivirus protections
Cryptocurrency users are being targeted by a highly sophisticated and widespread cybercriminal campaign that deploys malware capable of capturing exchange and wallet information, essentially robbing people of their tokens, Check Point experts have warned.
The campaign, nicknamed JSCEAL by researchers, has apparently been active since March 2024. What makes it unique is its use of compiled JavaScript (JSC) files, which allows the malware to stay hidden from most traditional antivirus solutions.
Criminals have created fake cryptocurrency exchange and wallet applications, which come bundled with an infostealer. They also created websites to host these applications and managed to buy thousands of advertisements on the Internet to promote the scam. Check Point says that in the European Union (EU), 35,000 malicious advertisements were served between January and June 2025.
JSCEAL malware
“The use of the Facebook advertising library has enabled us to estimate the scope of the campaign, while in a very conservative approach, we can estimate the total scope of the malvertising campaign at 3.5 million users within the EU only, and probably above 10 million users worldwide,” the researchers said.
People who fall for the scam download an MSI installer that triggers “a sequence of profiling scripts” which collect critical system information. These scripts also use PowerShell commands to collect and exfiltrate data, in preparation for the final deployment of the payload.
This final payload is the JSCEAL malware, which steals crypto-related data such as credentials and private keys. The payload is executed via Node.js, the researchers said.
What makes this malware particularly dangerous is its use of compiled JavaScript files.
“The JSCEAL campaign uses compiled V8 JavaScript (JSC) files, a lesser-known feature of the Google V8 engine which allows obfuscation of the code and evasion of static analysis,” the researchers added.
“This innovative technique allows attackers to bypass detection systems, which makes it extremely difficult to detect the malicious code until its execution. JSCEAL is notable for its scale, its technical complexity and its persistence, having evolved significantly since its discovery.”
Even today, many versions of the malware remain undetected by current security tools.
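Because static scanning of the compiled files is unreliable, the process chain described above (MSI installer, PowerShell scripts, Node.js running a .jsc file) is a more practical hunting signal. The sketch below is an added example, not code from Check Point or this article; the event shape, paths, file names and command lines are constructed, and how the loader names the .jsc file on its command line is an assumption.

```python
import ntpath
import re

# Constructed process-creation events (simplified: pid, parent pid, image, command line).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r'msiexec.exe /i "C:\Users\a\Downloads\wallet-setup.msi"'},
    {"pid": 110, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -NoProfile -File profile.ps1"},
    {"pid": 120, "ppid": 110, "image": r"C:\Users\a\AppData\Local\app\node.exe",
     "cmd": r"node.exe C:\Users\a\AppData\Local\app\main.jsc"},  # assumed invocation
    {"pid": 200, "ppid": 1, "image": r"C:\Program Files\nodejs\node.exe",
     "cmd": "node.exe server.js"},                              # ordinary Node.js use
    {"pid": 300, "ppid": 1, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": "msiexec.exe /i driver.msi"},
    {"pid": 310, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -File postinstall.ps1"},            # installer, no Node.js
    {"pid": 400, "ppid": 1, "image": r"C:\tools\node.exe",
     "cmd": r"node.exe C:\tools\build\tool.jsc"},               # .jsc with no installer
]

def ancestors(pid, by_pid):
    """Executable names of all known ancestors of pid, nearest first."""
    names, seen, ev = [], set(), by_pid.get(pid)
    while ev and ev["ppid"] in by_pid and ev["ppid"] not in seen:
        seen.add(ev["ppid"])  # guard against loops caused by PID reuse
        ev = by_pid[ev["ppid"]]
        names.append(ntpath.basename(ev["image"]).lower())
    return names

def hunt(events):
    """Flag node.exe processes that reference a .jsc file; tag installer lineage."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        exe = ntpath.basename(e["image"]).lower()
        if exe != "node.exe" or not re.search(r"\.jsc\b", e["cmd"], re.I):
            continue
        chain, tags = ancestors(e["pid"], by_pid), ["node_runs_jsc"]
        if "msiexec.exe" in chain:
            tags.append("msi_ancestor")
        if "powershell.exe" in chain:
            tags.append("powershell_ancestor")
        findings.append((e["pid"], tags))
    return findings

if __name__ == "__main__":
    for pid, tags in hunt(EVENTS):
        print(pid, tags)
```

A finding carrying all three tags matches the full chain the researchers describe; a lone `node_runs_jsc` hit is only a lead to triage, since compiled JavaScript also has legitimate uses.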
Anyone concerned that their data may be at risk should ensure that their antivirus protections are up to date (we have rounded up the best free antivirus software around), and those who prefer Apple technology can also look at the best Mac antivirus software.