JSCEAL Scam Targets Crypto Users with 35K Malicious Ads

Crypto News Exploits

JSCEAL Scam Targets Crypto Users with 35,000 Malicious Ads

Written by Aaron S.,

Editor-In-Chief

Last Updated: July 31, 2025

Key Takeaways

Over 10 million people may have seen fake crypto ads spreading malware disguised as apps like Binance and MetaMask, Check Point warned;
The malware, active since March 2024, uses JavaScript to quietly collect private data like passwords, logins, and Telegram info;
Meta reported 35,000 malicious ads in early 2025, but the global scale is likely larger due to targeting in both Europe and Asia.

Stop overpaying - start transferring money with Ogvio. Join the waitlist & grab early Rewards NOW! 🎁

JSCEAL Scam Targets Crypto Users with 35,000 Malicious Ads

BITDEGREE IN YOUR SOCIAL FEED

Cybersecurity company Check Point has warned that over 10 million people may have been exposed to malware through fake crypto apps promoted via online ads.

The campaign, known as "JSCEAL", has been active since at least March 2024, according to a July 29 report by Check Point.

It works by imitating nearly 50 well-known cryptocurrency platforms, including Binance $6.85B and Kraken $304.04M , to trick users into downloading harmful software.

Is Decentralized Anonymous Blockchain a Myth? (Explained!)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Check Point stated that Meta’s internal data showed over 35,000 such ads were displayed in early 2025. The firm estimated that at least 3.5 million people in the EU saw these ads.

Since the campaign also mimicked platforms in Asia, where social media use is widespread, the global reach is believed to be much higher. However, Check Point explained that not every view results in infection, and the total number of actual victims is hard to confirm.

The malware is built with JavaScript, which runs without needing any further input from the user. Check Point said the code is hard to examine because it is heavily disguised.

If installed, the malware collects private information from the device. This includes things like keyboard activity that can reveal passwords, Telegram session data, stored login credentials, and browser cookies.

It can also affect crypto wallet browser extensions like MetaMask, which may increase the risk of unauthorized access.

Recently, Sentinel Labs discovered a hacking campaign that uses fake video meetings and disguised software updates to plant malware on Apple computers. How does the malware work? Read the full story.