- At least 75 malicious ads were published on Meta's advertising network
- The ads were seen tens of thousands of times
- They promoted a fake premium version of TradingView that deployed a remote access Trojan
Cybercriminals are once again targeting cryptocurrency traders, this time trying to infect Android devices with an updated version of a well-known malware threat.
Bitdefender Labs security researchers saw what they described as "one of the most advanced Android threats seen in a malvertising campaign to date."
The campaign ran on Meta's advertising network, which covers Facebook, Instagram, Messenger, WhatsApp, as well as third-party applications and mobile sites associated with the company.
New Brokewell infections
The ads promoted a "free" premium version of TradingView, an online platform for tracking financial markets, charting and sharing trading ideas.
The campaign was seen on July 22, 2025 (which means it was probably launched even earlier), and contained at least 75 malicious ads. Within a month, the ads "reached tens of thousands of users in the EU alone," the researchers said.
The ads specifically targeted Android users and redirected them to a fake landing page that mimicked TradingView. Those who visited from desktop devices were redirected to a different, benign site. However, those who used an Android device received a "highly advanced crypto-stealing Trojan, an evolved version of Brokewell malware."
Brokewell is able to capture login credentials through overlay screens, as well as intercept session cookies. It can also log a wide range of user actions, such as taps, swipes and text input, and it can obtain information such as call logs, geolocation, audio calls and more. Finally, the newest variants can serve as a full-fledged remote access Trojan (RAT), giving the attackers remote control of the device.
Despite its advanced features, the malware still raises the same red flags as any other, requesting powerful permissions, such as Accessibility access, while hiding behind fake update prompts. It also tries to trick the victim into revealing their lock screen code.
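As an added example (not from Bitdefender's report or the original article), a defender triaging a sideloaded APK could check its decoded AndroidManifest.xml for the red flags described above. The mapping of capabilities to Android permissions, the review threshold and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: Android permission -> capability named in the article.
RISKY_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay screens",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "geolocation",
    "android.permission.RECORD_AUDIO": "audio capture",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(xml_text):
    """Return (findings, verdict) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name", "")
        if name in RISKY_PERMISSIONS:
            findings.append(RISKY_PERMISSIONS[name])
    # An accessibility service is a <service> guarded by
    # BIND_ACCESSIBILITY_SERVICE; it lets an app read and drive the UI.
    has_a11y = any(
        svc.get(ANDROID + "permission") == ACCESSIBILITY_BIND
        for svc in root.iter("service")
    )
    if has_a11y:
        findings.append("accessibility service")
    # Heuristic threshold (assumption): accessibility plus two or more
    # data-collection permissions is unusual for a charting app.
    verdict = "review" if has_a11y and len(findings) >= 3 else "ok"
    return sorted(findings), verdict


# Constructed sample manifest, not taken from any real sample.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakechart">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".UpdateService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```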
How to stay safe
To mitigate potential risks, users should place a credit freeze (or fraud alert) with the three credit bureaus, preventing new credit accounts from being opened in their name without approval.
They should also monitor their credit reports and use the free identity theft monitoring offered by TransUnion.
Finally, they should watch their financial accounts closely and be very cautious with incoming emails and other communications. Since the attackers now know their contact information, they can send convincing fake emails, text messages or calls that pretend to be from banks, government agencies or even TransUnion.
Via BleepingComputer