Cybercriminals Exploit Facebook Ads to Distribute JSCEAL Malware

[fullfitlarry]

I have been seeing a lot of ads lately with regards to cryptocurrency services like exchanges and trading view and I said that it's no way that this company will go to lengths to put a facebook ad.

But now what I suspect must be true as those ads are poison with malware that is know as JSCEAL and their target is to steal our cryptos.

I'm not new in the world of crypto, as I have been in the market for the last couple of years and been lurking in this community. But I think I have to warn members here about the dangers of this kind of ad campaigns that target us in one of the biggest social media platform.

https://research.checkpoint.com/2025/jsceal-targets-crypto-apps/

Here are the websites that are affected:

• WOWBIT
• Binance
• Bybit
• OKX
• KuCoin
• Crypto.com
• UPbit
• Bitget
• Remitano
• LBank
• Gate.io
• HTX
• Kraken
• Bitkub
• Bitazza
• CoinHub
• Bithumb
• Mercado Bitcoin
• VinDAX
• Twex Exchange
• BitcoinVN
• pdax.ph

So this is just a warning, just don't click any ads on facebook with regards to crypto as we might be the next victim here.

[TravelMug]

If I'm not mistaken, I have seen this kind of ads in Facebook, and I just did ignore them because when I hover on the link itself, it really looks very suspicious and if look at the comments, they also look fake itself like everyone is praising and thanking that supposedly apps. So that is also another read flag for me. In any case, we thank you for opening this thread and the eyes of the community. As this is going to be a continue battle against his cybercriminals who are going to take advantage of anything that they can get their hands to promote their scams. And as what we have known already, the best weapon for this kind of attacks is self-awareness specially that I saw one of our local crypto exchanges in that list and it's really very scary.

[highalch]

You have to fail on so many levels to fall victim to this.

First, you could've used Brave Browser, VPN, custom DNS or similar to block ads and trackers.

You could've ignored the ad.

You could've not downloaded the file.

Not run as administrator.

Not have approved permissions.

Have set safe withdrawal addresses on exchanges.

Have set 2FA or MFA for withdrawals.

Not kept your funds on an exchange.

And so on.

[Taskford]

If I'm not mistaken, I have seen this kind of ads in Facebook, and I just did ignore them because when I hover on the link itself, it really looks very suspicious and if look at the comments, they also look fake itself like everyone is praising and thanking that supposedly apps. So that is also another read flag for me. In any case, we thank you for opening this thread and the eyes of the community. As this is going to be a continue battle against his cybercriminals who are going to take advantage of anything that they can get their hands to promote their scams. And as what we have known already, the best weapon for this kind of attacks is self-awareness specially that I saw one of our local crypto exchanges in that list and it's really very scary.

I don't think I remember to see this kinds of ads but usually I don't also bother much to click the links of the ads I see on Meta(Facebook) especially if it related to crypto promotions and insane giveaways. Since I always think its a scam and just try to fool those gullible individual.

Its a big red flag if they see unusual thing and better they should not pay attention or stop clicking what they see online for their own safety.

Cyber criminals has lots of ways to deceive people and better they should not have curious thoughts then click anything so that they will not possibly get compromise by those malwares.

[goldkingcoiner]

It is best to simply have a good adblocker like Ublock Origin. Although it does not work on Chrome anymore, it does work on Firefox.

I must say, I am surprised to hear about Ads containing malware. Although I understand it is possible, it is the first time I have heard of a popular and official website having their ads exploited to target users with malware. But then again, what kind of a person clicks on ads other than the elderly?

We must always stay vigilant. Scammers and traps are everywhere and not even veterans who know the crypto space better than anyone are safe from these kinds of things. The worst thing you can do is become too relaxed or lazy.

[alani123]

This is one of the core reasons why using Adblock is a huge security advantage. If you aren't using any apps that force ads on you it's also an advantage. Ads are a huge intrusion and security risk. They're using flawed and outdated protocols to insert whatever someone else wants you to see, which can lead to compromises and many vulnerabilities.

[348Judah]

I'm not new in the world of crypto, as I have been in the market for the last couple of years and been lurking in this community. But I think I have to warn members here about the dangers of this kind of ad campaigns that target us in one of the biggest social media platform.

Those that cannot do without pressing ads should now pay attention to this, because scammers have now developed a new route in which they can attack using various ads they see people often click, as for me, right form time, am not the type that likes clicking on ads for any  reason, id rather prefer going to an official platform of an intended website than going through ads, i can also see a number of exchanges that this same attacked of malware could affect and steal our digital asset

[rdluffy]

Thanks for the warning 
I always advise everyone, not just when talking about crypto, but in general, never to click on any ads, none whatsoever
If you are interested in what the ad is promoting, I always recommend going to the official website and then taking advantage of any promotion that the ad may be promoting

I don't use an ad blocker because it interferes with some websites that I use constantly, but I never click on any ads

Remember that you don't have to click on the ad to be infected. You have to install a malicious app

[CryptSafe]

For some time now have had these ads popping up whenever I am streaming online via Facebook and other social media apps. Some games also advertise some loan apps and trading platforms.  Sincerely speaking, the ads are unbecoming as I am no longer comfortable with them, even when I deactivate them, they seem to keep popping up, which I'm yet to understand how it happens. But I cannot make the mistake of downloading those apps being advertised via these ads because they are misleading and are traps set by scammers to steal from people. Imagine all these itemised lists as presented, which we all know to be big organisations in the crypto space now doing ads to get a customer base, which we know they would not bother themselves doing because they are a well-known institution, as their name speaks for them very loudly and clearly.

I will advise that nobody clicks such an ad link and not to think of downloading it because a little mistake of downloading such might be the beginning of your doom, as you might not like the result or outcome of your silly mistake being made, it is not only through ads, other sources as well could send you link via dm, text message and convenient means that could allow or warrant you to download such app.. Always verify the source of information before acting upon it so you do not make any silly mistake that could cost you your assest amd other vital and important information.

[tech30338]

I have been seeing a lot of ads lately with regards to cryptocurrency services like exchanges and trading view and I said that it's no way that this company will go to lengths to put a facebook ad.

But now what I suspect must be true as those ads are poison with malware that is know as JSCEAL and their target is to steal our cryptos.

I'm not new in the world of crypto, as I have been in the market for the last couple of years and been lurking in this community. But I think I have to warn members here about the dangers of this kind of ad campaigns that target us in one of the biggest social media platform.

https://research.checkpoint.com/2025/jsceal-targets-crypto-apps/

Here are the websites that are affected:

• WOWBIT
• Binance
• Bybit
• OKX
• KuCoin
• Crypto.com
• UPbit
• Bitget
• Remitano
• LBank
• Gate.io
• HTX
• Kraken
• Bitkub
• Bitazza
• CoinHub
• Bithumb
• Mercado Bitcoin
• VinDAX
• Twex Exchange
• BitcoinVN
• pdax.ph

So this is just a warning, just don't click any ads on facebook with regards to crypto as we might be the next victim here.

I have tried using pfsense that automatically block ads, tries it for couple of months and like it since if there is any ads trying to run, it automatically blocked the content.
okay so if we cannot invest on appliance that has blocking features, we should always be aware that the only way to be safe, aside from not clicking ads, is to go to the official website or not using links, or clicking them, and also why would facebook not do anything about it, since its in their platform?