Cybersecurity researchers highlight a campaign distributing fake cryptocurrency trading apps with embedded JSCEAL malware that can steal sensitive data and control infected devices. The operation uses malicious Facebook ads and advanced obfuscation techniques to evade detection. #JSCEAL #FakeCryptoApps
Key points
- The campaign uses malicious Facebook ads to redirect users to counterfeit sites hosting trojanized apps.
- Attackers utilize a modular, multi-layered infection process with anti-analysis measures such as script-based fingerprinting.
- The malware can intercept web traffic, steal credentials, and act as a remote access trojan, with resilience against security tools.
- The final payload, JSCEAL, establishes a remote connection to exfiltrate data and manipulate cryptocurrency wallets.
- The infection relies on multiple components, including DLLs, local servers, and obfuscated JavaScript files, to evade detection.
Read More: https://thehackernews.com/2025/07/hackers-use-facebook-ads-to-spread.html