
Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A sophisticated malware campaign called JSCEAL is targeting cryptocurrency users through fake apps impersonating popular trading platforms. The attackers use malicious ads to lure victims into downloading installers that deploy a multi-stage infection chain. This includes PowerShell scripts for profiling and a final payload of compiled JavaScript (JSC) files executed via Node.js. The JSCEAL malware steals crypto-related data and credentials while employing advanced evasion techniques. The campaign has potentially reached millions of users across multiple countries, primarily targeting the cryptocurrency and financial sectors.

OPENCTI LABELS:

powershell, stealer, malvertising, evasion, cryptocurrency, multi-stage, node.js, fake apps, jsc, jsceal


Open in the NetmanageIT OpenCTI public instance using the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal