Trying to strike it big? Beware, that TradingView app could be malware


  • At least 75 malicious ads were posted on Meta's ad network
  • The ads were seen tens of thousands of times
  • They promoted a fake premium TradingView app that deployed a remote access trojan

Cybercriminals are once again targeting cryptocurrency traders, this time by trying to infect Android devices with an updated version of a well-known malware threat.

Security researchers at Bitdefender Labs spotted what they described as “one of the most advanced Android threats seen in a malvertising campaign to date.”

The campaign was set up on Meta’s ad network, which covers Facebook, Instagram, Messenger, WhatsApp, as well as third-party apps and mobile sites partnered with the company.

New Brokewell infections

The ads promoted a “free” Premium version of TradingView, an online platform for tracking financial markets, making charts, and sharing trading ideas.

The campaign was spotted on July 22, 2025 (meaning it was probably launched even earlier) and contained at least 75 malicious ads. Within a month, the ads “reached tens of thousands of users in the EU alone,” the researchers said.

The ads targeted Android users specifically, and redirected them to a fake landing page spoofing TradingView. Those who visited on desktop devices were redirected to a different, benign site. Those who used an Android device, however, were served a “highly advanced crypto-stealing trojan - an evolved version of the Brokewell malware”.

Brokewell is capable of capturing login credentials through overlay screens, as well as intercepting session cookies. It can also log a wide range of user actions, such as touches, swipes, and text inputs, and can grab information such as call logs, geolocation, audio calls, and more. Finally, the newer variants can serve as full-blown remote access trojans (RAT), allowing attackers remote control over the device.

Despite its advanced feature set, the malware still raises the same red flags as any other: it requests powerful permissions such as accessibility access while hiding behind fake update prompts. It also tries to trick the victim into giving away their lock screen PIN.

How to stay safe

To mitigate potential risks, users should place a credit freeze (or fraud alert) with all three credit bureaus, preventing new credit accounts from being opened in their name without approval.

They should also monitor their credit reports, and use TransUnion's offer of free identity theft monitoring.

Finally, they should watch their financial accounts closely, and be extra cautious with incoming emails and other communication. Since attackers now know their contact info, they might send convincing fake emails, texts, or calls pretending to be banks, government agencies, or even TransUnion itself.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
