10 Million People Exposed To Fake Crypto App Ads In Silent Global Malware Operation
A stealth malware campaign imitating nearly 50 popular cryptocurrency platforms has exposed over 10 million people worldwide, cybersecurity firm Check Point Research has revealed.
The campaign, dubbed JSCEAL, has been silently operating since at least March 2024 and continues to expand, relying on deceptive advertisements to lure unsuspecting users into downloading malware-laced crypto apps.
Fake Apps Disguised As Binance And MetaMask Flood Online Ads
Check Point found that the malware disguises itself behind lookalike interfaces of widely used platforms such as Binance, MetaMask, and Kraken.
Victims are tricked into clicking online ads that lead to realistic-looking websites, where they unknowingly install malicious software.
Once downloaded, the malware collects sensitive user information in the background, all while mimicking the behaviour of legitimate apps to avoid raising suspicion.
In many cases, the fake app launches the actual crypto platform’s interface, adding to the illusion that nothing is amiss.
But behind the scenes, it siphons data including keystrokes, Telegram login credentials, browser cookies, and saved autofill information—posing serious risks to users’ crypto wallets and personal security.
JavaScript-Powered Malware Built To Avoid Detection
Unlike typical malware, JSCEAL relies on JavaScript, a programming language most closely associated with the web, and it doesn't need user interaction to activate.
Its behaviour is heavily concealed using compiled code and complex obfuscation techniques, making it extremely difficult to detect.
Check Point described the malware as employing “unique anti-evasion methods,” which helped it remain hidden for more than a year.
Analysts said that the malware's structure—where the fake installer and the legitimate-looking app run simultaneously—makes it nearly impossible to analyse each component in isolation.
Social Media Ads Help Spread Over 35,000 Malicious Campaigns
Data from Meta’s ad systems showed that more than 35,000 malicious ads were distributed during the first half of 2025 alone, generating millions of views, particularly in regions with high crypto and social media activity.
Malicious ads on Facebook (Source: Check Point)
The campaign was especially widespread across the European Union and Asia, with at least 3.5 million users in the EU estimated to have seen the fake promotions.
The total number of infected users remains unclear, as ad impressions don’t equate directly to malware installations.
However, Check Point warns that the actual impact may be “much higher than initial estimates” due to the campaign’s scale and level of sophistication.
Malware Targets Browser Extensions And Crypto Credentials
One of the most dangerous elements of JSCEAL is its ability to tamper with crypto-related browser extensions, particularly MetaMask.
Once installed, the malware can manipulate these tools to intercept or even redirect crypto transactions.
It also lifts stored login data from browsers, exposing bank information and personal credentials.
The malware is designed to collect as much device and user data as possible.
Experts believe that stolen information is transmitted to unknown threat actors, likely aiming to monetise the data or drain victims' crypto wallets.
Researchers Call For Stronger Ad Oversight
Concerns are mounting over the role of digital ad platforms in the spread of malware, a problem underscored by the recent incident.
Check Point’s researchers stressed the need for better monitoring of ad systems to prevent such large-scale abuse.
They also urged crypto users to remain cautious when downloading apps, recommending the use of verified app stores and security software capable of detecting malicious JavaScript behaviour.
The firm warned that crypto holders, in particular, face a higher risk due to the difficulty of recovering stolen assets and tracing perpetrators within anonymous blockchain ecosystems.
“The global reach could easily exceed 10 million.”