Meta Malvertising Campaign Spreads Android Crypto-Stealing Malware
A sophisticated malvertising campaign targeting Meta’s ad network has expanded from Windows to Android users worldwide, deploying an advanced version of the Brokewell malware disguised as TradingView’s premium app[1].
Since July 22, 2025, cybercriminals have launched over 75 malicious Facebook ads, reaching tens of thousands of users across the European Union[1:1]. The campaign tricks victims into downloading a malicious APK from fake domains that mimic TradingView’s official website.
The malware, an enhanced strain of Brokewell, functions as both spyware and a remote access trojan (RAT) with capabilities including:
- Cryptocurrency theft (BTC, ETH, USDT)
- SMS interception for banking and 2FA codes
- Google Authenticator data extraction
- Screen recording and keylogging
- Camera and microphone activation
- Remote command execution via Tor and WebSockets[1:2]
The attackers have localized their ads in multiple languages including Vietnamese, Portuguese, Spanish, Turkish, Thai, Arabic and Chinese to maximize reach[1:3]. While the Android campaign currently focuses on impersonating TradingView, the Windows version has mimicked numerous brands including Binance, Bitget, Metatrader, and OKX[1:4].
At a minimum, it is better to use Portmaster and block anything from Fakebook in both directions, but then you also can't access it, which avoids accidentally clicking on a link, irrespective of which of its apps or services it comes from
This cause
Can’t I still use it to talk to my mom on Messenger with video calls if I do that?
No, at least if you don’t deactivate the filter beforehand. Better to convince your mother to use another app.