{"id":1704,"date":"2025-07-31T13:24:21","date_gmt":"2025-07-31T13:24:21","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1704"},"modified":"2025-07-31T13:24:21","modified_gmt":"2025-07-31T13:24:21","slug":"hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/","title":{"rendered":"Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps"},"content":{"rendered":"<p>Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called\u00a0<strong>JSCEAL<\/strong>\u00a0that can capture data such as credentials and wallets.<\/p>\n<p>The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct them to install the bogus apps, according to Check Point. These ads are shared either via stolen accounts or newly created ones.<\/p>\n<p>&#8220;The actors separate the installer&#8217;s functionality into different components and most notably move some functionality to the JavaScript files inside the infected websites,&#8221; the company\u00a0<a href=\"https:\/\/research.checkpoint.com\/2025\/jsceal-targets-crypto-apps\/\" target=\"_blank\" rel=\"noopener\">said<\/a>\u00a0in an analysis. 
&#8220;A modular, multi-layered infection flow enables the attackers to adapt new tactics and payloads at every stage of the operation.&#8221;<\/p>\n<p>It&#8217;s worth noting that some aspects of the activity were previously documented by\u00a0<a href=\"https:\/\/thehackernews.com\/2025\/04\/nodejs-malware-campaign-targets-crypto.html\" target=\"_blank\" rel=\"noopener\">Microsoft in April 2025<\/a>\u00a0and WithSecure as recently as this month, with the latter tracking it as\u00a0<a href=\"https:\/\/thehackernews.com\/2025\/07\/weekly-recap-sharepoint-breach-spyware.html#:~:text=New%20Campaign%20Targeted%20Crypto%20Users%20Since%20March%202024\" target=\"_blank\" rel=\"noopener\">WEEVILPROXY<\/a>. According to the Finnish security vendor, the campaign has been active since March 2024.<\/p>\n<p>The attack chains have been found to adopt novel anti-analysis mechanisms that rely on script-based fingerprinting, before delivering the final JSC payload.<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2025\/07\/hackers-use-facebook-ads-to-spread.html\">Read the Full Story Here<\/a><\/p>\n<p>Source: The Hacker News<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called\u00a0JSCEAL\u00a0that can capture data such as credentials and wallets. 
The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct them [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":484,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1704","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps - Community\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called\u00a0JSCEAL\u00a0that can capture data such as credentials and wallets. 
The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct them [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-31T13:24:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/02\/facebook-logo-stats-2018.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"212\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/\",\"name\":\"Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/02\/facebook-logo-stats-2018.png\",\"datePublished\":\"2025-07-31T13:24:21+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021
\/02\/facebook-logo-stats-2018.png\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/02\/facebook-logo-stats-2018.png\",\"width\":600,\"height\":212},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hackers-use-facebook-ads-to-spread-jsceal-malware-via-fake-cryptocurrency-trading-apps\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}