Cybersecurity firm Check Point warns that 10 million people globally have been exposed to fake crypto apps with malware. The campaign, named “JSCEAL,” targets crypto users by impersonating popular trading apps like Binance and MetaMask. Victims who click on malicious ads are directed to fake sites to download malware, collecting sensitive user information.

Check Point reveals that Meta’s ad tools displayed 35,000 malicious ads in the first half of 2025, with an estimated 3.5 million exposed in the EU alone. The malware campaign uses unique anti-evasion methods, resulting in extremely low detection rates. The malware collects sensitive information like passwords, Telegram account details, and browser cookies.

The malware campaign uses JavaScript to run without the victim’s input, making it hard to detect. It tricks victims into downloading fake apps that collect sensitive information, including passwords and browser history. Check Point recommends anti-malware software to prevent attacks on infected devices. Malicious ads have also targeted Asian crypto and financial institutions, reaching a global audience of potentially over 10 million users.

Read more at Cointelegraph: Malware Ads Posing As Crypto Apps May Have Reached 10M users