Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide

Bitdefender Labs uncovered an active malvertising campaign using Facebook/Meta ads impersonating TradingView and other brands to distribute an evolved Brokewell Android trojan via sideloaded APKs; the malware requests powerful permissions (accessibility, lock-screen PIN), communicates over Tor/WSS, and supports extensive capabilities including crypto theft, 2FA scraping/export, SMS interception, keylogging, camera/mic access, remote control and self-destruct — tens of thousands of users in the EU were reached and multiple IOCs and hashes are provided.