Android users are currently at risk of a scarily advanced malware that reportedly uses Meta’s advertising platforms (like Facebook and Instagram) to hunt for users’ PINs, messages, and other sensitive data. The malware which has been active since at least July 22, especially targets crypto assets.
Here’s how it works: You can be on any of Meta’s platforms and get a pop-up advertising a free version of the TradingView premium app. It looks real because it has the branding and visuals of the popular TradingView app. If you click from Windows or other operating systems, it may be harmless. But doing so from an Android device could spell trouble as this malware specifically targets mobile users.
It takes Android users to a fake TradingView webpage and tricks them into downloading a dangerous app called tw-update.apk file from tradiwiw[.]online/. Once in, all you’ll see on your phone screen is an update prompt, but behind the scenes, the app gets all the permission it needs. Then, it asks for your Android lockscreen PIN through a fake Android update request.
This malware is a more sophisticated version of the Brokewell malware (similar toFakeCall malware), a notorious Android banking Trojan that steals sensitive data and controls infected devices. Its dangerous capabilities include scanning for crypto wallet and bank details, stealing codes from Google Authenticator so it can bypass 2FA, and even taking over your SMS app to read banking, 2FA codes, and other messages coming in.
According to Bitdefender, a popular cybersecurity company, this new malware is “one of the most advanced Android threats seen in a malvertising company to date.” It’s part of a bigger campaign that used Facebook ads to impersonate popular brands and trick Windows users.
A few best practices to stay safe include downloading apps from official stores only, checking URLs carefully before clicking, and being wary of apps that ask for accessibility or lockscreen PINs.
