Brokewell: Malware That Steals Crypto via Fake Meta Ads

Written by Adrian León | Sep 2, 2025 1:00:00 PM

In recent months, cybersecurity researchers have raised a red flag: cybercriminals are using fake ads on Meta (Facebook and Instagram) to distribute a malware strain called Brokewell, disguised as the TradingView Premium app for Android.

The goal is clear: to steal cryptocurrencies, sensitive data, and even gain remote control over your device. If your business, personal finances, or investments rely on your smartphone, you need to understand how this threat works—and how to protect yourself. At TecnetOne, we break it down for you.

 

The Bait: Free TradingView Premium

 

You've likely heard of TradingView, one of the most widely used platforms in the financial world for chart analysis, trading, and crypto tracking. Its premium version is paid, so the promise of getting it for free is extremely tempting.

That’s exactly what attackers exploit: since July 2024, they’ve placed over 75 fake ads on Meta promoting a free download of this “premium” version. But the download link doesn’t point to Google Play or any official app store—it leads to cloned pages that prompt users to download a trojanized .apk file.

That file hides Brokewell, a far more sophisticated malware than it appears to be.

 

What Happens When You Install the Fake App?

 

Once installed, the fake app initiates a step-by-step manipulation process:

 

  1. Requests accessibility permissions
    This lets the malware control critical functions of your phone unnoticed.

  2. Displays fake update windows
    A trick to make you believe you're applying a legitimate update.

  3. Asks for your lock screen PIN
    By getting this, attackers gain direct access to your device.

  4. Runs in the background undetected
    Brokewell stays active and invisible, ready to spy, steal, and manipulate.

 

This isn’t just another credential-stealing app—Brokewell is an advanced spyware and Remote Access Trojan (RAT) with a huge arsenal of features.

 

What Brokewell Can Do on Your Phone

 

Once inside, Brokewell can essentially turn your phone into a spy camera controlled by criminals. Its most dangerous capabilities include:

 

  1. Cryptocurrency theft
    It scans wallets like Bitcoin, Ethereum, Tether, and even traditional bank apps.

  2. 2FA code theft
    It can extract codes from apps like Google Authenticator, bypassing extra layers of protection.

  3. Keylogging
    Captures everything you type, including passwords and private messages.

  4. Camera and microphone access
    It can spy on you without your knowledge.

  5. Real-time location tracking
    Attackers always know where you are.

  6. SMS and call interception
    Useful for stealing bank messages or suppressing security alerts.

  7. Full remote control
    Via the Tor network and WebSockets, attackers can command your device as if it were in their hands.

 

In short: your phone stops being yours.

 


Why This Campaign Is So Dangerous

 

According to Bitdefender, this is one of the most advanced mobile malvertising attacks ever observed. Here’s why:

 

  1. No fake base station needed
    Brokewell works without relying on external hardware; just one wrong download is enough.

  2. Perfect disguise
    The ads and cloned websites look nearly identical to the real thing, often with fake reviews to convince users.

  3. Targeting European users
    The attack is designed to scale across the EU, where crypto and trading apps are on the rise.

  4. Beyond financial theft
    Brokewell also hijacks your digital identity: emails, cookies, photos, documents, social media access, everything.

 

How to Spot and Avoid the Trap

 

If you’re an Android user, pay close attention. Here are TecnetOne’s recommendations:

 

  1. Always download from official stores
    Google Play may not be perfect, but it’s far safer than unknown APK downloads.

  2. Be skeptical of “free premium” offers
    Suspicious links or glowing reviews often indicate a scam.

  3. Check URLs carefully
    Attackers often use lookalike domains to deceive you.

  4. Review app permissions
    If a trading app wants SMS, mic, or accessibility access, it’s a red flag.

  5. Use mobile security solutions
    A good antivirus or security suite can detect anomalies early.

  6. Keep your backups updated
    If something goes wrong, backups are your recovery lifeline.
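
One way to check a device against the official-store and accessibility recommendations above, as an added example (not TecnetOne's or Bitdefender's tooling): the Python below parses the output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` and flags third-party apps that were sideloaded, that hold an enabled accessibility service, or both. The sample output and package names are constructed, and treating only `com.android.vending` (Google Play) as an official installer is an assumption.

```python
import re

# Assumption: installers treated as official stores; adjust for your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -3 -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def parse_accessibility(setting_value):
    """Packages named in `settings get secure enabled_accessibility_services`."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    # Entries are colon-separated component names: package/service.class
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def audit(pm_output, a11y_setting):
    """Return {package: risk} for third-party apps worth a closer look."""
    a11y = parse_accessibility(a11y_setting)
    findings = {}
    for pkg, installer in parse_installers(pm_output).items():
        sideloaded = installer not in TRUSTED_INSTALLERS
        if sideloaded and pkg in a11y:
            findings[pkg] = "high: sideloaded app with an accessibility service enabled"
        elif sideloaded:
            findings[pkg] = "review: not installed from an official store"
        elif pkg in a11y:
            findings[pkg] = "review: store app with an accessibility service enabled"
    return findings

# Constructed sample output (package names are made up for illustration).
SAMPLE_PM = """\
package:com.example.charts.premium  installer=com.google.android.packageinstaller
package:com.example.notes  installer=com.android.vending
package:com.example.reader  installer=com.android.vending
package:com.example.devtool  installer=null
"""
SAMPLE_A11Y = ("com.example.charts.premium/com.example.charts.premium.UpdateService"
               ":com.example.reader/.ReadAloudService")

if __name__ == "__main__":
    for pkg, risk in sorted(audit(SAMPLE_PM, SAMPLE_A11Y).items()):
        print(f"{pkg}: {risk}")
```

A "review" result is a prompt to look at the app, not a verdict: legitimate screen readers and password managers also enable accessibility services, and apps installed over adb report `installer=null`.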

 


Impact on Businesses and Crypto Users

 

These attacks aren’t limited to curious individuals—they pose a serious risk to businesses and professionals who rely on mobile devices for:

 

  1. Managing financial operations
  2. Accessing corporate accounts
  3. Internal communication

 

If an employee installs a malicious app:

 

  1. Confidential contracts or client data could be exposed
  2. Corporate crypto wallets may be drained
  3. Real credentials could be used for internal phishing campaigns

 

With businesses increasingly relying on mobile apps, the threat is bigger than ever.

 

Brokewell and the Future of Mobile Attacks

 

This isn’t an isolated incident—it’s a sign of what’s coming:

 

  1. Malware-as-a-Service (MaaS):
    Criminals are selling these kits to less experienced attackers.

  2. Generative AI for realistic campaigns:
    Algorithms create fake ads that perfectly mimic real brand styles.

  3. Double extortion tactics:
    First they steal, then they encrypt, pressuring victims on both fronts.

  4. Mobile-first focus:
    Smartphones now store your crypto, credentials, and communications, making them prime targets.

 

What to Do If You Suspect You’re a Victim

 

If you downloaded a suspicious app and notice odd behavior (apps crashing, high data usage, mic or camera turning on unexpectedly), take these steps immediately:

 

  1. Disconnect the device from the internet
  2. Run a full scan with a mobile security solution
  3. Change your passwords from a secure device
  4. Alert your IT team if it's a work device
  5. Consider restoring the phone to factory settings if issues persist

 

Final Thoughts

 

At TecnetOne, we believe prevention is always your best defense. Stay alert, keep your systems updated, and never underestimate the creativity of cybercriminals.

And if your company ever suffers a mobile security breach, remember: our incident response team is ready to help you contain, investigate, and recover—fast.
