- At least 75 malicious ads ran on Meta’s ad network
- The ads were seen tens of thousands of times
- They promoted a fake premium TradingView app that deployed a remote access trojan
Cybercriminals are once again targeting cryptocurrency traders, this time by trying to infect Android devices with an updated version of a well-known malware threat.
Security researchers at Bitdefender Labs discovered what they described as “one of the most advanced Android threats seen in a malvertising campaign to date.”
The campaign ran on Meta’s ad network, which covers Facebook, Instagram, Messenger and WhatsApp, as well as third-party apps and mobile websites that partner with the company.
New Brokewell infections
The ads promoted a “free” premium version of TradingView, an online platform for tracking financial markets, building charts and sharing trading ideas.
The campaign was discovered on July 22, 2025 (which means it was probably launched even earlier) and contained at least 75 malicious ads. Within a month, the ads reached tens of thousands of users in the EU alone, the researchers said.
The ads specifically targeted Android users and redirected them to a fake landing page spoofing TradingView. Those who visited from desktop devices were redirected to a different, benign site. However, those who used an Android device got a “very advanced crypto-stealing Trojan, a developed version of the Brokewell malware”.
Brokewell is capable of capturing login credentials through overlay screens as well as intercepting cookies. It can also log a wide range of user actions, such as touches, swipes and text inputs, and can collect information such as call logs, geolocation, audio calls and more. Finally, the newer variants can act as full-blown remote access trojans (RATs), giving attackers remote control over the device.
Despite its advanced features, the malware still raises the same red flags as any other: it requests powerful permissions such as Accessibility access while hiding behind fake update prompts. It also tries to trick the victim into giving away their lock screen PIN.
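The red flags described above can be checked in an app's manifest before it is installed. The following is an added example, not code from the original article or from Bitdefender: it triages a decoded AndroidManifest.xml for a declared accessibility service and for permissions matching the capabilities listed above. The sample manifest, package name, function name and the capability-to-permission mapping are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: capability named in the article -> Android permission enabling it.
CAPABILITY_PERMS = {
    "overlay screens": "android.permission.SYSTEM_ALERT_WINDOW",
    "call logs": "android.permission.READ_CALL_LOG",
    "geolocation": "android.permission.ACCESS_FINE_LOCATION",
    "audio": "android.permission.RECORD_AUDIO",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (decoded text form), not taken from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.charts.premium">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <service android:name=".UpdateService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return red flags: accessibility services plus article-listed capabilities."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    a11y = [s.get(ANDROID_NS + "name") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND]
    caps = sorted(c for c, p in CAPABILITY_PERMS.items() if p in requested)
    # Accessibility plus overlay covers both red flags the article names;
    # either one alone also appears in legitimate apps.
    high = bool(a11y) and "overlay screens" in caps
    return {"package": root.get("package"), "accessibility_services": a11y,
            "capabilities": caps, "high_risk": high}


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The result is a triage hint rather than a verdict: legitimate assistive apps also declare accessibility services, so a hit should prompt a closer look at where the APK came from.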
How to remain safe
To mitigate potential risks, users must place a credit freeze (or fraud alert) with all three credit agencies, preventing new credit accounts from being opened in their name without approval.
They should also monitor their credit reports and use TransUnion’s offer of free identity theft monitoring.
Finally, they should watch their financial accounts closely and be extra careful with incoming emails and other communications. Since attackers now know their contact information, they may send convincing fake emails, texts or calls that pretend to be from banks, government agencies or even TransUnion itself.
Via BleepingComputer



