Cybersecurity threats targeting cryptocurrency users have escalated through the misuse of Node.js and fake applications. Since October 2024, threat actors have launched a malware campaign deploying fake Binance and TradingView installers, leveraging Node.js and PowerShell to deliver malicious payloads including ClickFix tricks, SectopRAT malware, fake PDF tools, and HR-themed phishing attacks. Additionally, Chinese Android phones have been found pre-installed with counterfeit WhatsApp and Telegram apps aimed at crypto users. WhatsApp has been a frequent vector for scams, with hackers now exploiting calls, messages, and photos to target users. In response, WhatsApp plans to notify users with guidance on protecting themselves from scams. These developments highlight ongoing cybersecurity challenges in the cryptocurrency and messaging app ecosystems.