
The Scam That Won’t Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube

ID: 589a3cff-867c-53fe-ac6d-e5c60d9b0661

STIX ID: report--589a3cff-867c-53fe-ac6d-e5c60d9b0661

Feed Name: Bitdefender Labs

Threat Score: 78/100

Date Published: 2025-09-25

Date Updated: 2026-04-27

Author: Alin MOLOCE


Bitdefender documents a wide-scale malvertising campaign that compromises advertiser and YouTube business accounts to distribute an oversized, anti-sandbox downloader via unlisted ad videos and ads. The downloader deploys a multi-stage infostealer/RAT (JSCEAL/WeevilProxy) capable of credential and cookie theft, proxying network traffic, keylogging, and long-term persistence. There is evidence of Windows, macOS and Android variants, over 500 domains/subdomains, extensive tracking pixels/postbacks, and active exploitation through paid ad placements. Recommendations include strict account security (MFA), avoiding third-party downloads, reporting suspicious ads, and using endpoint protections.
