216.73.216.67

Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal

· Published 31/07/2025 09:54 · Modified 31/07/2025 11:17

Export JSON

Essential information

Published
31/07/2025 09:54
Modified
31/07/2025 11:17
Tags
2025-07-31 cryptocurrency evasion fake apps jsc jsceal malvertising multi-stage node.js powershell stealer
Related entities
200 observables, 13 techniques (mitre), 1 malware, 2 others

Description

A sophisticated malware campaign called is targeting users through impersonating popular trading platforms. The attackers use malicious ads to lure victims into downloading installers that deploy a infection chain. This includes scripts for profiling and a final payload of compiled JavaScript () files executed via . The malware steals crypto-related data and credentials while employing advanced techniques. The campaign has potentially reached millions of users across multiple countries, primarily targeting the and financial sectors.

External references