This Android Malware Is Spreading Through Facebook Ads

Did you know that you can customize Google to filter the garbage? Take these steps For best search results, including the addition of Lifehacker as a favorite source for new technological.

Threat actors again use Meta’s advertising platform to distribute malware. This time, it is a form of Android spy software known as Brokewell, and it spreads through a MalVedian campaign on Facebook.

According to Bitdefender researchers, cybercriminals broadcast advertisements that promise free access to TradingView Premium, a market monitoring and investment application for mobile android users. By clicking on fraudulent advertisements, which use the tradingview brand and, in some cases, the images of Labubus, leads users to download and install malware on their devices.

How Brokewell compromises Android devices

As the Bitdefender report describes, this malvertization attack informs users to click on Facebook advertisements that seem to be for tradingView, but the links go to a cloned website, which initiates a download of a malicious .apk file on the user’s device. The deleted application requires large accessibility authorizations while displaying the user a series of false update prompts, including one that requires the device locking screen. Once the authorizations have been granted, the droppings uninstall to avoid detection.

Malware itself is advanced spy software and a remote Trojan horse (rat) which has a range of capacities:

• Cryptographic flight

• Stracing and export of two -fact factors (2FA) by Google Authenticator (2FA)

• Overposition of false connection screens for the takeover of the account

• Surveillance, such as keylogging and screen recording

• Intercept SMS to steal the bank and the 2FA codes

• Remote device control

This specific scheme targets Android mobile users – If someone on Windows Desktop or MacOS clicks on a False TradingView, they will see Benin content instead of the malicious cloned site. That said, threatening players have used Facebook advertisements to reach users on all platforms and devices, with campaigns that make the identity of various cryptocurrency, investment and trading applications as well as finance professionals.

How to stay away from malvertization

You must beware of Facebook advertisements and other social media sites, because they are common vectors to spread malware and other scams. Do not click on advertisements, even if you recognize the company or the brand – and especially if they offer investment advice or an agreement that seems too good to be true. Beware of links that go to Lookalike areas or usurped websites that force you to download files or applications.

Instead, you need to download applications only from trust -like sources like Google Play Store. Although malicious applications can sometimes slip through the meshes of the net, it is much safer than the launch of side from unannounced sources. Be skeptical about applications that require accessibility authorizations or your lock screen pin for no obvious reason, and avoid granting authorizations for everything that is not essential to the functionality of the application (even if the application is legitimate).