315/68 Monday, September 1, 2025
Researchers from Bitdefender Labs have issued a warning about a malicious advertising (malvertising) campaign on Facebook that tricks Android users into downloading the Brokewell spyware, disguised as ads from TradingView, a popular market analysis platform. Instead of indiscriminately targeting random users, the campaign carefully selected victims through Facebook’s ad system. In Europe alone, tens of thousands of users were served these fake ads in just one month.
Brokewell was first discovered in early 2024 and had previously spread through fake Chrome updates in April. According to researchers, once installed, the malware disguises itself as a system update to request elevated permissions. It can then operate both as spyware and a Remote Access Trojan (RAT), capable of screen recording, keylogging, secretly activating the camera and microphone, and stealing SMS messages containing banking or security verification codes.
What makes Brokewell particularly concerning is its ability to compromise cryptocurrency wallets, bypass two-factor authentication, and take full control of user accounts. Researchers warn that in an era where people increasingly rely on smartphones for financial and investment activities, the compromise of a single device could give attackers access to all of a victim’s financial data. Experts recommend avoiding clicking on ads on social media, carefully verifying URLs, steering clear of installing apps from untrusted sources, and reviewing app permission requests before granting access to protect against threats like this.
Source https://hackread.com/fake-facebook-ads-brokewell-spyware-android-users/
