- Check Point finds thousands of ads promoting fake crypto apps
- The apps come with infostealer malware that targets users
- The infostealers can bypass most antivirus protection
Cryptocurrency users are being targeted by a highly sophisticated, widespread cybercriminal campaign whose goal is to deploy malware capable of seizing exchange and wallet information, essentially robbing people of their tokens, experts from Check Point have warned.
Apparently active since March 2024, the campaign, which the researchers call JSCeal, is unique in its use of compiled JavaScript files (JSC), which allow the malware to remain hidden from most traditional antivirus solutions.
The criminals created fake cryptocurrency exchange and wallet apps that come with an infostealer. They also created sites to host these apps and managed to buy thousands of advertisements on the Internet to promote the scam. Check Point says that in the European Union (EU) alone, 35,000 malicious ads were served between January and June 2025.
JSCeal Malware
“The use of Facebook’s Ad Library enabled us to estimate the range of the campaign, while in a very conservative approach we can estimate the overall range of the malvertising campaign at 3.5 million users within the EU alone and probably over 10 million users around the world,” the researchers explained.
People who fall for the scam download an MSI installer that triggers “a number of profiling scripts” that collect critical system information. These scripts also use PowerShell commands to collect and exfiltrate data in preparation for the installation of the final payload.
This final payload is the JSCeal malware, which steals crypto-related data such as credentials and private keys. The payload is executed via Node.js, the researchers said.
What makes this malware particularly dangerous is the use of compiled JavaScript files.
“The JSCeal campaign uses compiled V8 JavaScript (JSC) files, a lesser known feature of Google’s V8 engine that enables code connection and evasion of static analysis,” the researchers added.
“This innovative technique allows attackers to bypass detection systems, making it extremely challenging to detect the malicious code until it is performed. JSCeal is remarkable for its scale, technical complexity and persistence after developing significantly since its discovery.”
Even today, many versions of the malware remain undetected by ordinary security tools.
Anyone who fears their data may be at risk must ensure that their antivirus protection is up to date. We have rounded up the best free antivirus software around and, for those who prefer to use Apple technology, the best Mac antivirus software.



