Android Malware Spreads Via Facebook Ads

Attackers are once again using the Meta advertising platform to distribute malware. This time, it’s a form of Android spyware known as Brokewell, which is being distributed via a malicious Facebook ad campaign.
According to Bitdefender researchers, cybercriminals are placing ads promising free access to TradingView Premium, a market tracking and investing app, to Android mobile users. Clicking on the fraudulent ads, which use the TradingView brand and, in some cases, images of Labubus, results in malware being downloaded and installed on their devices.
How Brokewell Hacks Android Devices
As noted in the Bitdefender report, this malicious advertising attack tricks users into clicking on Facebook ads that appear to be related to TradingView, but the links lead to a cloned site that triggers the download of a malicious APK file onto the user’s device. The app requests extensive permissions while simultaneously showing the user a series of fake update prompts, including a PIN code request for the device’s lock screen. Once permissions are granted, the dropper deletes itself to avoid detection.
The malware itself is an advanced spyware and remote access trojan (RAT) with a number of capabilities:
- Cryptocurrency theft
- Collecting and exporting two-factor authentication (2FA) codes from Google Authenticator
- Overlaying fake login screens to take over accounts
- Surveillance such as keylogging and screen recording
- Intercepting SMS messages to steal bank codes and 2FA codes
- Remote control of the device
This particular scheme targets Android mobile users: if a Windows or macOS desktop user clicks on a fake TradingView ad, they will see harmless content instead of a malicious clone of the site. However, the scammers use Facebook ads to reach users across platforms and devices, posing as various cryptocurrency, investing, and trading apps, as well as well-known financial professionals.
How to Protect Yourself From Malicious Advertising
You should be careful with ads on Facebook and other social media sites, as these are common channels for malware and other scams. Don’t click on ads, even if you know the company or brand, and especially if they offer investment advice or deals that seem too good to be true. Beware of links that lead to lookalike domains or fake sites that trick you into downloading files or apps.
Instead, you should only download apps from trusted sources, such as Google Play. While malicious apps can sometimes slip through, it’s much safer than downloading from untrusted sources. Be skeptical of apps that ask for permissions or a screen lock PIN for no apparent reason, and don’t grant permissions for anything that isn’t necessary for the app to function (even if the app is legitimate).
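To make the permission advice concrete, here is an added example (not from Bitdefender or the original article): a Python check that reads a decoded AndroidManifest.xml and groups the permissions an app requests by the kinds of capability listed earlier. The permission-to-capability mapping, the review threshold and the sample manifest are assumptions of this example, not Brokewell's actual manifest.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Standard Android permission names grouped by the capabilities the article
# lists. This mapping is an assumption of the example, not Brokewell's manifest.
RISKY = {
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.READ_SMS": "SMS interception",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay screens",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "input capture / remote control",
    "android.permission.REQUEST_INSTALL_PACKAGES": "installing further APKs",
}

def audit_manifest(manifest_xml):
    """Return {capability: [permissions]} for risky permissions in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    # Permissions the app requests for itself.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        found.update(el.get(ANDROID + "name") for el in root.iter(tag))
    # An accessibility service is declared as a <service> guarded by this permission.
    found.update(el.get(ANDROID + "permission") for el in root.iter("service"))
    report = {}
    for perm in sorted(p for p in found if p in RISKY):
        report.setdefault(RISKY[perm], []).append(perm)
    return report

def needs_review(report, threshold=3):
    """Flag an app whose permissions span several unrelated risky capabilities."""
    return len(report) >= threshold

# Constructed sample: a "chart viewer" manifest, not taken from any real APK.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chartviewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".UpdateService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    report = audit_manifest(SAMPLE)
    for capability, perms in report.items():
        print(f"{capability}: {', '.join(perms)}")
    print("needs review:", needs_review(report))
```

A market-charting app has no functional need for SMS, overlay, accessibility and package-install access together, which is why the check counts distinct capabilities rather than individual permissions.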