Cybercriminals are abusing Meta's advertising platforms with a fake offer of a free TradingView Premium app that spreads the Brokewell malware for Android.
The campaign targets cryptocurrency assets and has been running since at least July 22 through an estimated 75 localized advertisements.
Brokewell has been around since the beginning of 2024 and has a broad set of capabilities that include stealing sensitive data and remotely monitoring and controlling compromised devices.
Taking over the device
Researchers at cybersecurity company Bitdefender examined the advertisements in the campaign, which use TradingView branding and visuals and entice potential victims with the promise of a free premium app for Android.

Source: Bitdefender
They note that the campaign was specifically designed for mobile users, as reaching the ad from a different operating system would lead to harmless content.
Clicking from Android, however, redirects to a webpage that mimics the original TradingView site and serves a malicious tw-update.apk file hosted at tradiviwiw[.]online/
"The dropped application asks for accessibility, and after receiving it, the screen is covered with a fake update prompt. In the background, the application grants itself all the permissions it needs," the researchers said in a report this week.
In addition, the malicious app also tries to obtain the PIN used to unlock the device by imitating an Android update request that requires the lock screen password.

Source: Bitdefender
According to Bitdefender, the fake TradingView app "is an advanced version of the Brokewell malware" that comes with a large arsenal of tools designed to monitor, control, and steal sensitive information:
- Scans for BTC, ETH, USDT, and bank account numbers (IBANs)
- Steals and exports Google 2FA codes (2FA bypass)
- Steals accounts by overlaying fake login screens
- Records the screen and keystrokes, steals cookies, activates the camera and microphone, and tracks the location
- Hijacks the default SMS app to intercept messages, including banking and 2FA codes
- Remote control: can receive commands over Tor or WebSockets to send texts, place calls, uninstall apps, or even self-destruct
The researchers provide a technical overview of how the malware works and an extended list of supported commands containing more than 130 rows.
Bitdefender states that this campaign is part of a larger operation that initially used Facebook advertisements impersonating "dozens of famous brands" to target Windows users.