Check Point Research warns that 10 million users globally have become victims of malicious ads promoting fake crypto applications.
Malicious Advertising Campaigns
According to Check Point, an active malware campaign named 'JSCEAL' has been targeting crypto users since March 2024 by using fake applications that impersonate popular trading platforms such as Binance, MetaMask, and Kraken. In the first half of 2025, 35,000 such malicious ads were identified with millions of views in the EU.
Evasion Methods
The campaign employs 'unique anti-evasion methods' that result in extremely low detection rates. When users click on a malicious ad, they are redirected to a site that appears legitimate, complicating the analysis and detection of malicious content. The malware collects sensitive information despite the application's seemingly legitimate appearance.
User Data Collection
The main purpose of the malware is to gather as much information from the infected device as possible. It captures keystrokes to obtain passwords, collects Telegram account data, and gathers browser cookies, allowing perpetrators to track victims’ behaviors and manipulate crypto-related extensions like MetaMask.
This threat emphasizes the importance of vigilance when using crypto applications and the need for effective protective measures such as anti-malware software.
