Android users are facing a new threat as reported by security experts at Bitdefender, who have observed a significant increase in devices being infected with the dangerous Brokewell malware.
The Brokewell malware is a malicious bug capable of spying on devices, stealing messages, seizing remote control of phones, and extracting security codes for unauthorized account access. Once installed, this bug allows cybercriminals to take almost complete control of the compromised devices.
The method through which Android users are falling prey to this threat involves a novel approach that lures individuals into clicking on social media advertisements that prompt the download of certain apps.
These sponsored ads falsely promise free access to premium financial services that typically cost a significant amount of money.
Upon clicking the advertisement, Android users are directed to download an app, which is where the malware infection occurs.
According to Bitdefender’s recent analysis, the active malware campaign has utilized 75 malicious ads and potentially reached tens of thousands of users in the EU alone.
Bitdefender elaborated, “Bitdefender researchers have exposed a series of malicious ads on Facebook enticing targets with a free TradingView Premium app for Android. Instead of delivering authentic software, the ads distribute a highly advanced crypto-stealing trojan, an evolved version of the Brokewell malware.”
To prevent further victims, Bitdefender has issued advice and four guidelines to help people stay safe, including exercising caution when downloading new apps and being skeptical of ads that seem too good to be true.
For Android users, it is highly recommended to follow these key tips to avoid falling victim to Brokewell:
• Refrain from sideloading apps – Only install apps from trusted sources like Google Play.
• Exercise caution with ads – Even on reputable platforms like Facebook, ads can be exploited by cybercriminals.
• Verify URLs carefully – Fake download pages often use deceptive domains.
• Review app permissions – If an app requests unusual access permissions without a clear purpose, it should raise a red flag.
At Reach and our affiliated entities, we and our partners utilize information collected through cookies and other identifiers from your device to enhance your site experience, analyze usage patterns, and display personalized ads. You can opt out of data sharing at any time by clicking the “Do Not Sell or Share my Data” button on the webpage. Please note that your preferences are specific to your browser. Your use of our website and services indicates your consent to our use of cookies and agreement with our Privacy Notice and Cookie Policy.
