Fake Facebook Ads Push Brokewell Spyware to Android Users

A Facebook malvertising campaign is spreading the Brokewell spyware to Android users via fake TradingView ads. The malware steals crypto and personal data.

Cybersecurity researchers at Bitdefender Labs have discovered a new malicious ad campaign (malvertising) on Facebook that is actively spreading a notorious Android spyware to unsuspecting users.

The research, shared with Hackread.com, reveals that the campaign tricks victims into downloading Brokewell spyware, which has been operational since at least early 2024. In one previous case reported in April 2024, the Brokewell spyware was spotted spreading via fake Chrome updates.

Researchers found that this malvertising campaign doesn’t just target a general group of users; it uses the Facebook ad network to specifically target Android users with tailored ads. In just one month, these ads have already been served to tens of thousands of users in the European Union alone, showing how eagerly cyber criminals have been attempting to spread this threat.

The campaign’s modus operandi involves attackers creating advertisements that look like they come from legitimate platforms. For example, one company specifically targeted in this malvertising campaign is TradingView, a widely used online trading platform.

As shown in the screenshot below, scammers have used the company’s branding and visuals. These ads promise a high-value item, a free premium app, to trick users into clicking.

Malicious ads which spread Brokewell malware – Source: Bitdefender Labs

According to researchers, once installed, the malware exhibits spyware and Remote Access Trojan (RAT) capabilities, suggesting that this is an advanced version of Brokewell.

The malware then requests permissions, often by presenting fake update prompts, to gain total control. It can steal cryptocurrencies, bypass two-factor authentication, and even take over a user’s accounts.

It also allows the attackers to record screen activity, log keystrokes, and use the device’s camera and microphone. The malware can even intercept sensitive text messages, including banking and security codes.

All these capabilities show Android spyware is out of control, and as more people rely on smartphones for banking, crypto wallets, and other financial apps, a single compromised device can give hackers access to a person’s entire financial life. Researchers suggest the following security tips to stay protected from such campaigns:

  • Avoid clicking on ads on social media.
  • Check website URLs carefully for fakes.
  • Review app permissions before granting them.
  • Avoid installing apps from unofficial sources (sideloading).
  • Be cautious of ads, even on trusted platforms like Facebook.