Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data such as credentials and wallets.
The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct them to install the bogus apps, according to Check Point. These ads are shared either via stolen accounts or newly created ones.
"The actors separate the installer's functionality into different components and most notably move some functionality to the JavaScript files inside the infected websites," the company said in an analysis. "A modular, multi-layered infection flow enables the attackers to adapt new tactics and payloads at every stage of the operation."
thehackernews.com
