Security news is often sober, especially as of late. Many huge data breaches have come to light this year alone, and security vulnerabilities keep coming at us, too—like this week’s report about a massive issue with Secure Boot, one of the core methods used to keep your PC safe from sneaky attacks…
Security news is often sober, especially as of late. Many huge data breaches have come to light this year alone, and security vulnerabilities keep coming at us, too—like this week’s report about a massive issue with Secure Boot, one of the core methods used to keep your PC safe from sneaky attacks… Read More
Check Point finds thousands of ads promoting fake crypto apps The apps come with an infostealer malware targeting users The infostealer can bypass most antivirus protections Cryptocurrency users are being targeted by a highly sophisticated, widespread cybercriminal campaign with the goal of deploying malware capable of grabbing exchange and wallet information, essentially robbing the people
Published
14 hours ago
in
By
Check Point finds thousands of ads promoting fake crypto apps
The apps come with an infostealer malware targeting users
The infostealer can bypass most antivirus protections
Cryptocurrency users are being targeted by a highly sophisticated, widespread cybercriminal campaign with the goal of deploying malware capable of grabbing exchange and wallet information, essentially robbing the people of their tokens, experts from Check Point have warned.
Apparently active since March 2024, what makes this campaign, dubbed JSCEAL by the researchers, unique is the use of compiled JavaScript files (JSC), which allows the malware to remain hidden from most traditional antivirus solutions.
The criminals created fake cryptocurrency exchange and wallet apps, which come with an infostealer. They also created websites to host these apps, and managed to purchase thousands of advertisements on the internet to promote the scam. Check Point says that just in the European Union (EU), 35,000 malicious ads were served between January and June 2025.
You may like
Criminals are targeting Bitcoin owners on Facebook with a multi-stage malware campaign – follow these steps to stay safe
Stop using these 22 Android crypto and wallet apps ASAP, or you risk losing all your cryptocurrency
Mac users beware – fake Ledger apps are being used by hackers to steal seed phrases and hack accounts
JSCEAL malware
“The use of Facebook’s Ad Library enabled us to estimate the campaign’s reach, while in a very conservative approach we can estimate the total reach of the malvertising campaign at 3.5 million users within the EU alone, and likely above 10 million users worldwide,” the researchers explained.
People who fall for the scam download an MSI installer which triggers “a sequence of profiling scripts” that gather critical system information. These scripts also use PowerShell commands to collect and exfiltrate data, in preparation of the final payload deployment.
This final payload is the JSCEAL malware, which steals crypto-related data such as credentials and private keys. The payload is executed through Node.js, it was said.
What makes this malware particularly dangerous is the use of compiled JavaScript files.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Listen up, IT professionals. If you’re still treating cybersecurity like a checkbox exercise, you’re already three steps behind the attackers. The digital battlefield has changed, and the old rules no longer apply. Gone are the days when a firewall and antivirus software were enough to keep your organization safe…
Published
3 weeks ago
in
By
Listen up, IT professionals. If you’re still treating cybersecurity like a checkbox exercise, you’re already three steps behind the attackers. The digital battlefield has changed, and the old rules no longer apply. Gone are the days when a firewall and antivirus software were enough to keep your organization safe… Read More
Global cybersecurity company Kaspersky said on Wednesday that nearly 8,500 users from small and medium-sized businesses (SMBs) faced cyberattacks in the year so far, where “malicious or unwanted software” was disguised as popular online productivity tools. In April, Kaspersky — a cybersecurity company that provides antivirus and other security software for computers and mobile devices
Published
4 weeks ago
in
By
Global cybersecurity company Kaspersky said on Wednesday that nearly 8,500 users from small and medium-sized businesses (SMBs) faced cyberattacks in the year so far, where “malicious or unwanted software” was disguised as popular online productivity tools.
In April, Kaspersky — a cybersecurity company that provides antivirus and other security software for computers and mobile devices — said that widespread adoption of artificial intelligence (AI) and machine learning technologies in recent years has provided “threat actors with sophisticated new tools to perpetrate attacks”… Read More
