Brokewell Android Malware Distributed via Fake TradingView Advertisements

Cybercriminals are exploiting Meta’s advertising platforms by promoting fake offers for a free TradingView Premium app that disseminates the Brokewell malware for Android devices. This malicious campaign, which has been active since at least July 22nd, utilises approximately 75 localized ads targeting cryptocurrency assets. Researchers from the cybersecurity firm Bitdefender have investigated these ads, noting that they cleverly employ TradingView branding to entice potential victims. The campaign is specifically tailored for mobile users; accessing the ad from other operating systems leads to benign content. However, Android users are redirected to a fraudulent webpage mimicking the original TradingView site, where they inadvertently download a malicious file named tw-update.apk. This application requests accessibility permissions and subsequently covers the screen with a fake update prompt while stealthily acquiring necessary permissions in the background.

The Brokewell malware, described by Bitdefender as an advanced variant, possesses a comprehensive suite of capabilities designed to monitor, control, and exfiltrate sensitive information. It can scan for cryptocurrency wallet details, steal codes from Google Authenticator to bypass two-factor authentication, and overlay fake login screens to capture user credentials. Additionally, it records screens and keystrokes, activates the device's camera and microphone, and tracks the user's location. The malware can hijack the default SMS application to intercept messages, including banking and two-factor authentication codes. Furthermore, it allows remote control via commands sent over Tor or WebSockets, enabling actions such as sending texts, placing calls, uninstalling apps, or even self-destructing. Bitdefender indicates that this campaign is part of a broader operation that initially targeted Windows users through Facebook ads impersonating various well-known brands.
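The behaviour described in the two paragraphs above (an APK that binds an accessibility service, draws over the screen, takes over the default SMS app, and reaches for camera, microphone and location) shows up in the permissions and intent filters an app must declare in its manifest. The following static triage script is an added example written for this page; it is not Bitdefender's tooling nor anything taken from the real tw-update.apk. It runs over decoded AndroidManifest.xml text and flags the permission combinations that match that pattern. The two sample manifests are constructed for the example, and the grouping and rule names are this example's own assumptions, not a published detection signature.

```python
"""Static triage of Android manifest permission combinations (added example).

Not code from the original article or from Bitdefender. The sample manifests
below are constructed for this example and are not the real tw-update.apk.
Input is decoded manifest text (e.g. from apktool or aapt2 dump xmltree).
"""
import re

# Real Android permission and intent-action strings. The grouping into rules
# and the rule names are assumptions made for this example.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
# Handlers an app must declare to be eligible as the default SMS app.
SMS_DEFAULT_APP_ACTIONS = {"android.provider.Telephony.SMS_DELIVER",
                           "android.intent.action.SENDTO"}
SURVEILLANCE_PERMS = {"android.permission.CAMERA", "android.permission.RECORD_AUDIO",
                      "android.permission.ACCESS_FINE_LOCATION"}

PERM_RE = re.compile(r'<uses-permission[^>]*android:name="([^"]+)"')
# BIND_ACCESSIBILITY_SERVICE is declared on the <service>, not as uses-permission.
SERVICE_PERM_RE = re.compile(r'<service[^>]*android:permission="([^"]+)"')
ACTION_RE = re.compile(r'<action[^>]*android:name="([^"]+)"')


def extract(manifest_xml):
    """Return (declared permissions, declared intent actions) from manifest text."""
    perms = set(PERM_RE.findall(manifest_xml)) | set(SERVICE_PERM_RE.findall(manifest_xml))
    actions = set(ACTION_RE.findall(manifest_xml))
    return perms, actions


def triage(manifest_xml):
    """Flag permission combinations matching the overlay/accessibility/SMS pattern.

    Returns a sorted list of finding strings; an empty list means nothing flagged.
    Findings are triage hints for an analyst, not a malware verdict: a legitimate
    SMS client will trip the SMS rule by design.
    """
    perms, actions = extract(manifest_xml)
    findings = []
    if ACCESSIBILITY_BIND in perms and OVERLAY in perms:
        findings.append("accessibility service plus screen overlay")
    if perms & SMS_PERMS and actions & SMS_DEFAULT_APP_ACTIONS:
        findings.append("SMS permissions plus default-SMS-app intent handlers")
    if ACCESSIBILITY_BIND in perms and perms & SURVEILLANCE_PERMS:
        findings.append("accessibility service plus camera/microphone/location")
    return sorted(findings)


# Constructed sample: an ordinary app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
  </application>
</manifest>"""

# Constructed sample modelled on the capabilities the article describes.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application android:label="TradingView Premium">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".SmsReceiver" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
  </application>
</manifest>"""


if __name__ == "__main__":
    for name, xml in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        print(name, "->", triage(xml) or "no findings")
```

The accessibility-plus-overlay rule is the one most directly tied to the fake update prompt the article describes: the overlay hides what is happening while the accessibility service clicks through permission dialogs. Treat matches as a reason to look at the APK's code and its install source (sideloaded from an ad landing page rather than a store listing), not as a conviction on their own.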

Categories: Cybersecurity Threats, Malware Distribution, Phishing Scams

Tags: Cybercriminals, Meta, Advertising, TradingView, Brokewell, Malware, Android, Cryptocurrency, Sensitive Data, Remote Control
