
Novel JSCEAL malware aims to drain crypto wallets


Knockoff cryptocurrency trading apps have been leveraged to distribute the new credential- and cryptowallet-targeting JSCEAL V8 JavaScript malware as part of a new malvertising campaign, according to The Hacker News.

Threat actors used malicious ads on Facebook that redirected to hoax websites imitating TradingView and other legitimate services, which lured targets into downloading the bogus apps, a report from Check Point Research revealed. Installing the fake apps triggers several DLLs meant to obtain system data and facilitate device fingerprinting prior to the eventual deployment of the JSCEAL malware. Aside from exfiltrating system details, auto-fill passwords, browser cookies, keystrokes, and Telegram account data, JSCEAL also enables cryptowallet manipulation, adversary-in-the-middle attacks, and remote access trojan compromise.

"This sophisticated piece of malware is designed to gain absolute control of the victim machine, while being resilient against conventional security tools. The combination of compiled code and heavy obfuscation, while displaying a wide variety of functionality, made analysis efforts challenging and time-consuming," said Check Point.
