Security firm warns of JSCEAL malicious activity targeting cryptocurrency users on a large scale

Cybersecurity firm Check Point reports that researchers recently uncovered a large-scale malicious campaign dubbed JSCEAL, targeting cryptocurrency application users through the Node.js platform and leveraging compiled JavaScript files. This campaign, active since March 2024, uses fake advertisements to trick users into downloading and installing malicious programs impersonating nearly 50 major cryptocurrency trading applications. In the first half of 2025, approximately 35,000 malicious ads were displayed, garnering millions of impressions in the EU alone.