This Android Malware Is Spreading Through Facebook Ads
Briefly

"Threat actors are once again using Meta's advertising platform to distribute malware. This time, it's a form of Android spyware known as Brokewell, and it's spreading through a malvertising campaign on Facebook. According to researchers at Bitdefender, cybercriminals are running ads that promise free access to TradingView Premium, a market tracking and investment app, for Android mobile users. Clicking on the fraudulent ads, which use TradingView's branding and, in some cases, images of Labubus, leads to users downloading and installing malware on their devices."
"As the Bitdefender report outlines, this malvertising attack tricks users into clicking Facebook ads that appear to be for TradingView, but the links go to a cloned website, which initiates a download of a malicious .apk file to the user's device. The dropped app requests broad accessibility permissions while showing the user a series of fake update prompts, including one that requests the device's lock screen PIN. Once permissions are granted, the dropper uninstalls itself to avoid detection."
"The malware itself is an advanced spyware and remote access trojan (RAT) that has a range of capabilities:
- Crypto theft
- Scraping and exporting two-factor authentication (2FA) codes from Google Authenticator
- Overlaying fake login screens for account takeover
- Surveillance, such as keylogging and screen recording
- Intercepting SMS messages to steal banking and 2FA codes
- Remote device control
This specific scheme targets Android mobile users: if someone on Windows desktop or MacOS clicks on a fake TradingView ad, they'll see benign content instead of the malicious cloned site."
Threat actors are abusing Meta's advertising platform to distribute Brokewell, an Android spyware and remote access trojan (RAT). Malvertising ads promise free TradingView Premium and redirect Android users to a cloned site that drops a malicious .apk; desktop visitors are shown benign content. The dropped app requests broad accessibility permissions, shows fake update prompts including a lock-screen PIN request, and then uninstalls itself once permissions are granted. Brokewell can steal crypto, export Google Authenticator 2FA codes, overlay fake login screens, keylog, record screens, intercept SMS, and remotely control compromised devices.
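The dropper chain above (a sideloaded .apk that asks for accessibility access, reads SMS, draws overlays and can install or remove packages) is a permission profile a practitioner can check for before installing an app obtained outside a store. The script below is an added example, not code from Bitdefender, Lifehacker or the Brokewell authors: it parses an AndroidManifest.xml and flags that combination. It assumes the manifest has already been decoded from Android's binary XML to plain XML (for instance with apktool); the two sample manifests are constructed for the example, the capability grouping and risk levels are this example's own heuristic, and only the android.permission.* strings are real Android identifiers.

```python
"""Heuristic triage of a decoded AndroidManifest.xml for the permission
profile described in the Brokewell write-up (accessibility service + SMS
access + overlays + package install/remove).

Added example, not code from Bitdefender, Lifehacker or the malware.
Assumes the manifest is plain XML (already decoded, e.g. by apktool).
"""
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERM_ATTR = f"{{{ANDROID_NS}}}permission"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"

# Capability groups used by this example (heuristic, not an Android classification).
# The permission strings themselves are real Android permission names.
CAPABILITY_PERMISSIONS = {
    "accessibility_service": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "sms_interception": {"android.permission.RECEIVE_SMS",
                         "android.permission.READ_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "package_install_or_remove": {"android.permission.REQUEST_INSTALL_PACKAGES",
                                  "android.permission.REQUEST_DELETE_PACKAGES"},
}


def declared_permissions(root):
    """Collect <uses-permission> names plus the android:permission guarding any
    <service>. BIND_ACCESSIBILITY_SERVICE is never requested via
    <uses-permission>; it appears on the service that handles the
    accessibility intent, so both places must be inspected."""
    perms = {e.get(NAME_ATTR) for e in root.iter("uses-permission")}
    for svc in root.iter("service"):
        perms.add(svc.get(PERM_ATTR))
        # A service whose intent-filter binds the accessibility action is an
        # accessibility service even if the permission attribute is missing.
        for action in svc.iter("action"):
            if action.get(NAME_ATTR) == ACCESSIBILITY_ACTION:
                perms.add("android.permission.BIND_ACCESSIBILITY_SERVICE")
    return {p for p in perms if p}


def risk_level(capabilities):
    """Accessibility access combined with any other group is the dropper/RAT
    profile from the write-up; a single group alone is only worth a look."""
    caps = set(capabilities)
    if "accessibility_service" in caps and len(caps) >= 2:
        return "high"
    if caps:
        return "medium"
    return "low"


def analyze_manifest(xml_text):
    root = ET.fromstring(xml_text)
    perms = declared_permissions(root)
    caps = sorted(c for c, needed in CAPABILITY_PERMISSIONS.items() if needed & perms)
    return {
        "package": root.get("package", ""),
        "permissions": sorted(perms),
        "capabilities": caps,
        "risk": risk_level(caps),
    }


# Constructed sample: the profile of a fake "update" dropper like the one described.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.update">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
    <uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
    <application android:label="Update">
        <service android:name=".AccessService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>"""

# Constructed sample: an ordinary network-only app for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <application android:label="Notes"/>
</manifest>"""


if __name__ == "__main__":
    # Usage: python triage_manifest.py decoded/AndroidManifest.xml
    # With no argument, run against the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(analyze_manifest(fh.read()))
    else:
        for sample in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
            print(analyze_manifest(sample))
```

A "high" result here does not prove malice (some legitimate accessibility tools also read SMS or draw overlays); it is a reason to not install the package when it arrived via an ad-driven download rather than a store listing, which is exactly the delivery path the campaign relies on.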
Read at Lifehacker