Hackers Use Social Media Ads to Spread Dangerous Malware
Cybersecurity experts have uncovered a scam where fake cryptocurrency trading apps are being used to spread a dangerous malware called JSCEAL. This malware steals login info, crypto wallet data, and more.
Hackers post fake ads on Facebook using stolen or fake accounts. These ads lead victims to fake websites that look like real services (like TradingView), tricking them into downloading harmful apps.
The malware is split into parts: some sit in the website's code, others in the app installer. It avoids detection by running only under specific conditions, such as when the user arrives through Facebook or is in a targeted region.
Once installed, the app silently opens a real website to avoid suspicion. In the background, it collects system data, records keystrokes, takes screenshots, and steals passwords and crypto wallet info. It also sets up a local proxy to spy on web traffic and inject malicious code into banking and crypto websites.
JSCEAL is highly advanced, using hidden and compiled JavaScript code to avoid security tools and gain full control over the victim’s device.
How to Stay Safe:
- Avoid clicking on crypto-related ads, especially on social media.
- Download apps only from official stores (Google Play, Apple App Store) or trusted sources.
- Verify URLs carefully—scammers often use fake websites that look like real ones.
- Use antivirus and anti-malware software that can detect suspicious behavior.
- Enable two-factor authentication (2FA) on all accounts, especially those related to crypto.
- Keep your system and browser up to date to patch security holes.
- Never enter private keys or wallet info on unfamiliar sites or apps.
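
To illustrate the "verify URLs" advice above, here is an added example (not code from the source article) that compares a link's hostname against an allowlist of official domains and flags lookalikes. The allowlist contents, the function names and the sample URLs in the comments are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of official domains, maintained by the defender.
OFFICIAL = {"tradingview.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'lookalike', 'unknown' or 'invalid' for a link."""
    if "://" not in url:
        url = "https://" + url          # urlsplit needs a scheme to find the host
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "invalid"
    # Text before '@' is userinfo, not the site: brand.com@other.example
    if parts.username is not None:
        return "lookalike"
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    labels = host.split(".")
    # Punycode labels can render as visually similar Unicode letters.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    for d in OFFICIAL:
        brand = d.split(".")[0]
        # Brand name embedded in some other domain, with or without hyphens.
        if brand in host.replace("-", ""):
            return "lookalike"
        # One or two characters off the brand name (e.g. 'l' for 'i').
        if any(edit_distance(label, brand) <= 2 for label in labels):
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links; the .example hosts are placeholders.
    for u in ["https://www.tradingview.com/chart/",
              "https://tradingview.com.app-download.example/setup",
              "https://tradlngview.example/",
              "https://example.org/"]:
        print(f"{classify(u):10} {u}")
```

A verdict of "unknown" only means the host does not resemble an allowlisted brand; it says nothing about whether the site is safe.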
Source: https://thehackernews.com/2025/07/hackers-use-facebook-ads-to-spread.html