

Ethical Hacking News

Brokewell Android Malware Lures Victims with Fake TradingView Ads


Malicious actors have been using fake ads on Meta's platforms to distribute the Brokewell Android malware, targeting cryptocurrency assets and stealing sensitive data. Find out more about this campaign and how you can protect yourself from similar threats.

  • The Brokewell Android malware has been distributed through fake ads on Meta's platforms, targeting cryptocurrency assets.
  • The malware allows for stealing sensitive data, remote monitoring and control of the compromised device, and hijacking SMS apps to intercept messages.
  • The fake TradingView app used in the campaign is an advanced version of the Brokewell malware with various tools for surveillance, data theft, and control.
  • The attack highlights the need for increased vigilance and security awareness among consumers when clicking on ads or downloading apps from unfamiliar sources.



    In a recent cybersecurity campaign, malicious actors have been using fake ads on Meta's platforms to distribute the Brokewell Android malware. The campaign, which has been running since at least July 22nd, targets cryptocurrency assets and has been displayed through an estimated 75 localized ads.

    The Brokewell malware, which has been around since early 2024, features a broad set of capabilities that include stealing sensitive data and remotely monitoring and controlling the compromised device. The malware is particularly sophisticated: it can scan for Bitcoin, Ethereum, USDT, and bank account numbers (IBANs), steal codes from Google Authenticator, and hijack the default SMS app to intercept messages.

    Researchers at cybersecurity company Bitdefender investigated the ads in the campaign, which use the TradingView branding and visuals to lure potential victims. The fake ads promise a free premium app for Android users, but instead redirect them to a webpage that provides a malicious tw-update.apk file hosted on a website mimicking the original TradingView site.

    Once installed, the malicious app tries to obtain the PIN for unlocking the device by simulating an Android update request that needs the lockscreen password. The fake TradingView app also requests access to various permissions, including accessibility and location services.

    According to Bitdefender, the fake TradingView app is "an advanced version of the Brokewell malware" that comes with a vast arsenal of tools designed to monitor, control, and steal sensitive information. These tools include:

    * Scanning for Bitcoin, Ethereum, USDT, bank account numbers (IBANs)
    * Stealing and exporting codes from Google Authenticator (2FA bypass)
    * Stealing accounts by overlaying fake login screens
    * Recording screens and keystrokes, stealing cookies, activating the camera and microphone, and tracking the location
    * Hijacking the default SMS app to intercept messages, including banking and 2FA codes
    * Remote control – can receive commands over Tor or Websockets to send texts, place calls, uninstall apps, or even self-destruct
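A defender triaging a sideloaded APK can check its manifest for the combination of requests described above. The following is an added example, not code from the article or from Bitdefender: it assumes the APK's AndroidManifest.xml has already been decoded to plain XML, and the capability-to-permission mapping, the `high_risk` heuristic and the sample package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping (chosen for this example) from capabilities named in the
# article to the Android manifest permissions an app must request for them.
CAPABILITY_PERMS = {
    "sms_intercept": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "send_texts": {P + "SEND_SMS"},
    "place_calls": {P + "CALL_PHONE"},
    "camera": {P + "CAMERA"},
    "microphone": {P + "RECORD_AUDIO"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "uninstall_apps": {P + "REQUEST_DELETE_PACKAGES"},
}

def triage_manifest(xml_text):
    """Return the capabilities a decoded manifest requests and a triage flag."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = {cap for cap, perms in CAPABILITY_PERMS.items() if perms & requested}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    if any(s.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
           for s in root.iter("service")):
        findings.add("accessibility_service")
    # Only an app eligible to be the default SMS handler registers for SMS_DELIVER.
    if any(a.get(ANDROID + "name") == "android.provider.Telephony.SMS_DELIVER"
           for a in root.iter("action")):
        findings.add("default_sms_handler")
    # Heuristic (assumption): accessibility plus any SMS access warrants review.
    sms = {"sms_intercept", "default_sms_handler"} & findings
    high_risk = "accessibility_service" in findings and bool(sms)
    return {"package": root.get("package"), "findings": sorted(findings), "high_risk": high_risk}

# Constructed sample manifest; not taken from the real malware.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Sms" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

A positive result is a prompt for manual review, not a verdict: legitimate messaging or assistive apps can request some of the same permissions.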

    This campaign is part of a larger operation that initially used Facebook ads impersonating "dozens of well-known brands" to target Windows users. The Brokewell malware has been linked to several other malicious campaigns in the past, highlighting the ongoing threat posed by these types of attacks.

    The fact that Meta's advertising platforms were used to distribute this malware highlights the need for increased vigilance and security awareness among consumers. Users should be cautious when clicking on ads or downloading apps from unfamiliar sources, as these can be a vector for malicious payloads like Brokewell.

    As cybersecurity experts continue to monitor the situation and develop strategies to mitigate the threat, it is essential for users to remain informed and take steps to protect themselves against such attacks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Brokewell-Android-Malware-Lures-Victims-with-Fake-TradingView-Ads-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/brokewell-android-malware-delivered-through-fake-tradingview-ads/


  • Published: Mon Sep 1 13:05:38 2025 by llama3.2 3B Q4_K_M












