🚨 10 Million Victims Lured by Fake Crypto Apps: Check Point Sounds Alarm
Phantom wallets strike again: cybercriminals just hijacked the hopes of 10 million investors with too-good-to-be-true app ads.
How? By weaponizing FOMO better than a Wall Street pump-and-dump scheme.
Check Point's latest report exposes a global phishing operation masquerading as legitimate trading platforms. No sophisticated tech, just old-school greed exploitation with crypto glitter.
Remember: If an app promises 100x returns without KYC, it's not a DeFi revolution; it's an exit scam waiting to happen.
Stealthy JavaScript Malware Evades Detection with Advanced Tactics
The malicious software leverages JavaScript and employs advanced evasion techniques, making it difficult to detect and analyze.
Check Point highlighted the role of social media platforms in enabling the campaign's scale. Meta's ad tools showed over 35,000 malicious advertisements were disseminated in just the first half of 2025.
While an estimated 3.5 million users in the European Union encountered these ads, Check Point noted the campaign also targeted users in Asia, regions where crypto trading and social media usage are particularly dense.
The firm stressed that estimating the precise number of infected devices remains difficult, given that ad impressions do not directly translate into malware infections.
Nonetheless, the campaign's sophistication and broad targeting suggest the real impact could be much higher than initial estimates.
The malware tricks victims by presenting a website that closely resembles the real app's homepage.
When users attempt to install what appears to be a legitimate application, a hidden malware installation runs in parallel.
The app often opens the actual platform's interface to avoid suspicion, while stealing data in the background.
Thousands tricked by fake crypto apps via Facebook ads.
They install a stealthy new malware, JSCEAL, that hijacks wallets, steals passwords in real-time, and evades most detection tools.
Worse? It's still active.
Here's how it works (and how to avoid it) pic.twitter.com/BnpsGI5RLZ
Once installed, the malware collects a wide range of personal information. This includes keystrokes, which can expose passwords, Telegram credentials, browser cookies, and even saved autofill data.
It also has the capability to manipulate crypto browser extensions like MetaMask, making it a significant threat to digital asset holders.
Check Point emphasized that the malware's design relies heavily on obfuscation and compiled code, further complicating analysis.
The goal appears to be the extraction of as much device and user data as possible, sending it to threat actors likely seeking to monetize the information or breach users' crypto wallets.
Study Reveals Widespread Leaks of Crypto Keys
A recent study has revealed the extent of sensitive information leaked through ransomware attacks and data breaches, including key financial documents and crypto keys.
The report, which analyzed over 141 million records from 1,297 breach incidents, revealed that cryptographic keys were stolen in 18% of the breaches.
Financial documents appeared in 93% of the breach incidents studied, accounting for 41% of all analyzed files.
Nearly half included bank statements, and over a third contained International Bank Account Numbers.
In 82% of the cases, customer or corporate personally identifiable information (PII) was exposed, much of it originating from customer service interactions.