Ads for malware posing as crypto apps have reached 10 million users

Cybersecurity company Check Point warns that about 10 million people worldwide have been targeted by malicious online ads.
Check Point Research said on Tuesday that it was tracking a malware campaign called “JSCEAL” that targets crypto users by impersonating common crypto applications.
The company added that the campaign has been active since at least March 2024 and “has evolved gradually over time.” It uses ads to trick victims into installing fake applications “impersonating approximately 50 common cryptocurrency trading applications”, including Binance, MetaMask and Kraken.
Crypto users are a main target of various malicious campaigns, as victims of crypto theft have little recourse to recover their money, and bad actors remain anonymous, which makes it difficult to discover those behind the schemes.
An estimated 10 million targeted with malicious ads
Check Point said that Meta’s ad tools showed that 35,000 malicious ads were promoted in the first half of 2025, which led to “a few million views in the European Union alone.”
The company estimated that at least 3.5 million people were exposed to the ad campaigns within the European Union, but the campaign also “impersonated Asian and financial institutions” – regions with a greater number of social media users.
“Global reach can easily exceed 10 million,” said Check Point.
The company noted that it is usually impossible to determine the full scope of a malware campaign and that ad reach “is not equal to the number of victims.”
Malware uses “unique anti-evasion methods”
Check Point said that the latest iteration of the malware campaign uses “unique anti-evasion methods”, which led to “very low detection rates” and allowed it to go undetected for a long time.
Victims who click on a malicious ad are directed to a legitimate-looking but fake site to download the malware, and the attacker’s website and the installer run at the same time, which Check Point said “greatly complicates analysis and detection efforts,” as they are difficult to detect in isolation.
The fake application opens a program that directs to the legitimate site of the application the victim believes they have downloaded, in order to deceive them, but in the background it collects “sensitive user information, especially crypto-related.”
The malware uses the popular programming language JavaScript, which does not need the victim’s input to run. Check Point said “a mixture of compiled code and heavy obfuscation” made its efforts to analyze the malware “challenging and time-consuming.”
Accounts and passwords swept up in the malware’s net
Check Point said that the malware’s main purpose is to collect as much information as possible from the infected device and send it to the threat actor for their use.
Some of the information collected was the user’s keyboard inputs – which can reveal passwords – along with stolen Telegram account information and autocomplete passwords.
The malware also collects browser cookies, which can show which websites the victim visits often, and it can manipulate crypto-related web extensions such as MetaMask.
It said that anti-malware software that detects malicious JavaScript executions would be “very effective” in stopping an attack on an already infected device.