
"Researchers at cybersecurity company Bitdefender investigated the ads in the campaign, which use the TradingView branding and visuals and lure potential victims with the promise of a free premium app for Android. They note that the campaign was specifically designed for mobile users, as accessing the ad from a different operating system would lead to harmless content. Clicking from Android, however, redirected to a webpage mimicking the original TradingView site that provided a malicious tw-update.apk file hosted at tradiwiw[.]online/"
"'The dropped application asks for accessibility, and after receiving it, the screen is covered with a fake update prompt. In the background, the application is giving itself all the permissions it needs,' the researchers say in a report this week. Furthermore, the malicious app also tries to obtain the PIN for unlocking the device by simulating an Android update request that needs the lockscreen password."
Cybercriminals abused Meta advertising with fake offers of a free TradingView Premium Android app to deliver Brokewell malware targeting cryptocurrency assets. The campaign has run since at least July 22 and used about 75 localized ads aimed at mobile users; accessing an ad from a non-Android system led to harmless content. Clicking from Android redirected to a site mimicking TradingView that served a malicious tw-update.apk from tradiwiw[.]online. The app requests accessibility access, covers the screen with a fake update prompt, grants itself permissions in the background, and simulates an Android update request to capture the lockscreen PIN. Brokewell can scan for BTC, ETH, USDT, and IBANs; exfiltrate Google Authenticator codes; overlay fake login screens; and enable remote monitoring, control, and data theft.
Read at BleepingComputer