JSCEAL Scam Targets Crypto Users with 35,000 Malicious Ads

The campaign, known as "JSCEAL", has been active since at least March 2024, according to a July 29 report by Check Point.

It works by imitating nearly 50 well-known cryptocurrency platforms, including Binance $10.7B and Kraken $527.99M , to trick users into downloading harmful software.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How to Use Crypto? 5 Rewarding Strategies Explained (Animated)

SUBSCRIBE

ON YOUTUBE

Check Point stated that Meta’s internal data showed over 35,000 such ads were displayed in early 2025. The firm estimated that at least 3.5 million people in the EU saw these ads.

Since the campaign also mimicked platforms in Asia, where social media use is widespread, the global reach is believed to be much higher. However, Check Point explained that not every view results in infection, and the total number of actual victims is hard to confirm.

The malware is built with JavaScript, which runs without needing any further input from the user. Check Point said the code is hard to examine because it is heavily disguised.

If installed, the malware collects private information from the device. This includes things like keyboard activity that can reveal passwords, Telegram session data, stored login credentials, and browser cookies.

It can also affect crypto wallet browser extensions like MetaMask, which may increase the risk of unauthorized access.

Recently, Sentinel Labs discovered a hacking campaign that uses fake video meetings and disguised software updates to plant malware on Apple computers. How does the malware work? Read the full story.