
Cybercriminals are abusing Meta’s advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android.
The campaign targets cryptocurrency assets and has been running since at least July 22nd through an estimated 75 localized ads.
Brokewell has been around since early 2024 and features a broad set of capabilities that include stealing sensitive data, remote monitoring and control of the compromised device.
Taking over the device
Researchers at cybersecurity company Bitdefender investigated the ads in the campaign, which use the TradingView branding and visuals and lure potential victims with the promise of a free premium app for Android.

They note that the campaign was specifically designed for mobile users, as accessing the ad from a different operating system would lead to harmless content.
Clicking from Android, however, redirected to a webpage mimicking the original TradingView site that offered a malicious tw-update.apk file hosted at tradiwiw[.]on-line/
“The dropped application asks for accessibility, and after receiving it, the screen is covered with a fake update prompt. In the background, the application is giving itself all of the permissions it needs,” the researchers say in a report this week.
Additionally, the malicious app also tries to obtain the PIN for unlocking the device by simulating an Android update request that needs the lockscreen password.

According to Bitdefender, the fake TradingView app is “a complicated version of the Brokewell malware” that comes “with an unlimited arsenal of tools designed to monitor, control, and steal sensitive information:”
- Scans for BTC, ETH, USDT, bank account numbers (IBANs)
- Steals and exports codes from Google Authenticator (2FA bypass)
- Steals accounts by overlaying fake login screens
- Records screens and keystrokes, steals cookies, activates the camera and microphone, and tracks the location
- Hijacks the default SMS app to intercept messages, including banking and 2FA codes
- Remote control – can receive commands over Tor or Websockets to send texts, place calls, uninstall apps, and even self-destruct
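For defenders triaging a handset, the behaviours described above (an APK installed outside the store, an accessibility grant, takeover of the default SMS app) can be checked together from adb output. This is an added example, not code from Bitdefender or the original article; the package names and command output are constructed, and treating only the Play Store as a trusted installer is an assumption.

```python
import re

# Assumption: only the Play Store counts as a trusted installer on this fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed output of: adb shell pm list packages -3 -i
PM_LIST = """\
package:com.example.charts  installer=com.android.vending
package:com.example.twupdate  installer=null
package:org.example.notes  installer=com.google.android.packageinstaller
"""
# Constructed output of: adb shell settings get secure enabled_accessibility_services
A11Y = "com.example.twupdate/.core.UpdateService:com.example.charts/.ReaderService"
# Constructed output of: adb shell settings get secure sms_default_application
SMS_DEFAULT = "com.example.twupdate\n"

def parse_installers(pm_output):
    """Map package -> installer; None when no installer was recorded."""
    found = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)\s*$", pm_output, re.M):
        found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def parse_a11y_packages(value):
    """Return the packages that own an enabled accessibility service."""
    value = value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def triage(pm_output, a11y_value, sms_default):
    """Flag non-store apps that also hold accessibility or the SMS role."""
    a11y = parse_a11y_packages(a11y_value)
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg == sms_default.strip():
            reasons.append("default SMS app")
        if reasons:
            findings.append((pkg, installer, reasons))
    return findings

if __name__ == "__main__":
    for pkg, installer, reasons in triage(PM_LIST, A11Y, SMS_DEFAULT):
        print(f"{pkg} (installer={installer}): {', '.join(reasons)}")
```

A sideloaded app with neither privilege is left out of the findings, so the output stays focused on the combination the report describes.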
The researchers provide a technical overview of how the malware works and an extended list of supported commands that includes more than 130 rows.
Bitdefender says that this campaign is part of a larger operation that initially used Facebook ads impersonating “dozens of well-known brands” to target Windows users.
