Crypto Users Targeted by Malware Hidden in Fake Apps 10 Million at Risk

Date: 1 August 2025

Source: Cointelegraph / Check Point Research

Introduction

A silent cyberattack is underway, and it could be affecting millions. Over 10 million people globally have been exposed to fake crypto apps that secretly steal credentials, passwords, and access to wallets.

These malware-laden apps are being promoted through paid ads on social media platforms like Facebook and Instagram, according to Check Point Research.

This threat isn’t just technical it’s personal. When trust is broken and funds vanish, victims are often left without options. That’s the dark reality of decentralised finance when security is compromised.

Malware Disguised as Trusted Crypto Apps

The malware campaign, dubbed JSCEAL, has been active since March 2024. It mimics the appearance of almost 50 popular cryptocurrency platforms such as Binance, MetaMask, Kraken, and even financial data services like TradingView.

Malicious ads are the entry point. Once clicked, they direct users to fake websites that look almost identical to the real platforms. Victims unknowingly download a fake app that secretly runs a second process in the background, stealing everything from passwords and Telegram account details to crypto wallet credentials and browser cookies.

The app even redirects users to the real platform’s interface to avoid raising suspicion.

Stealth Tactics and JavaScript Exploits

What makes JSCEAL particularly dangerous is its use of JavaScript meaning it doesn’t need your permission to run. It uses “compiled code” and “heavy obfuscation,” making it extremely hard to detect.

Once installed, it can:

• Log keystrokes

• Steal auto-fill passwords

• Collect cookies and web activity

• Hijack crypto browser extensions like MetaMask

The malware even avoids detection by using advanced anti-evasion techniques. By running its payload and the fake website at the same time, it tricks antivirus software and security systems.

Global Exposure and No Easy Fix

According to Meta’s ad data, over 35,000 malicious ads were run in just the first half of 2025. Check Point estimates around 3.5 million users in the EU alone were exposed, with many more in Asia and other regions with high crypto usage.

Despite these numbers, the full extent of the damage is impossible to track blockchain anonymity and lack of regulation mean stolen funds are rarely recovered.

AI-Powered Sentiment Analysis

Our AI analysis of this article revealed:

• sentiment_score: -0.49 A negative tone reflects fear, risk, and victimisation.

• Financial Sentiment: -1.31 Strongly negative due to user losses, financial risk, and threat to wallet security.

• Polarity Score: -0.38 Leaning negative. Emphasises the urgency and seriousness of the malware threat.

• Subjectivity Score: 0.47 Balanced between facts and concern-driven warnings. It’s informative, yet human.

These scores suggest that the article communicates real danger and seeks to alert users in a relatable, easy-to-understand way, while still grounded in verified reporting.

Read More

Read the full article on: https://cointelegraph.com/news/crypto-users-warned-as-ads-push-malware-laden-crypto-apps

Explore more articles on Hikarinova Blog 

We’re Getting Ready to Launch Our Test Pilot Program in the U.S. and Asia

We’re about to open up early access for a small group of test pilots in the U.S. and Asia.

If you’re curious about where automated trading is headed and want to be part of building something from the inside this is your chance. As a test pilot, you’ll get hands-on access, early features, and a direct line to the team. Your feedback will help shape the product before full release.

More details will be shared soon stay tuned.

Disclaimer

This article was generated using AI and reviewed for accuracy. The information presented is for educational purposes only and should not be construed as financial advice. Always consult with a professional before making investment decisions.