- Ondicious TradingView -Nons spread from Meta to YouTube via hijacked accounts and fake videos
- Android users were targeted at Brokewell Malware that was able to steal data and enable remote access
- YouTube -campaign now falls trojan.Agent.gosl through custom downloader
If you remember the fake TradingView adware campaign recently discovered on Meta, then bad news, experts have found that it’s now expanded through Googleads to YouTube.
Security researchers Bitdefender discovered a large malvertising campaign on Meta’s network after threat actors managed to compromise a Facebook business account that belonged to a design agency in Norway and used it to run at least 75 malicious ads promoting a false “tradingview Premium” app.
The fake app targeted at specific Android users provided Brokewell, a piece of malware capable of capturing login -credentials through overlay screens, as well as eavesdropping sessions. It can also log a wide range of user actions, such as touches, swipes and text inputs, and can get information such as call logs, geolocation, audio calls and more. Finally, the newer variants can act as full -blown remote access trenches (rat), allowing attacks remote control over the device.
Stealing YouTube accounts
Now, almost a month later, the researchers found a legitimate YouTube account that was hijacked and redirected to look almost identical to the real tradingview account. Crooks uploaded videos that promoted the same fake platform but kept them unlisted to avoid public control, were marked and eventually – taken down.
Such a video got more than 180,000 views in just a few days, showing how potent the malvertizing campaign really is.
There is no way to know how many people actually fell for the trick and installed malware on their devices, but we know that Brokewell is not the one distributed via YouTube.
Instead, the campaign delivers a custom downloader that eventually falls trojan.Agent.gosl, also known as JSCeal and Weevilproxy.
The best way to stay sure is to use common sense and not rely on ads offering premium versions of different tools for free.
Furthermore, users must check if the videos are unlisted, or lead to third -party download link. Software should only be downloaded from official sites and suspicious ads should be reported to Google or YouTube.
TradingView is a globally recognized platform for tracking financial markets, making charts and sharing of trading ideas.
