This devious malware has jumped from Meta over to Google Ads and YouTube to spread – here’s how to stay safe
- Malicious TradingView ads spread from Meta to YouTube via hijacked accounts and fake videos
- Android users were targeted with Brokewell malware capable of stealing data and enabling remote access
- YouTube campaign now drops Trojan.Agent.GOSL through custom downloader
If you remember the fake TradingView adware campaign recently spotted on Meta, then bad news, experts have found it has now expanded through GoogleAds to YouTube.
Security researchers Bitdefender discovered a major malvertising campaign on Meta’s network after threat actors managed to compromise a Facebook Business account belonging to a design agency in Norway, using it to run at least 75 malicious ads that promoted a fake “TradingView Premium” app.
The fake app, targeting specifically Android users, delivered Brokewell, a piece of malware capable of capturing login credentials through overlay screens, as well as intercepting session cookies. It can also log a wide range of user actions, such as touches, swipes, and text inputs, and can grab information such as call logs, geolocation, audio calls, and more. Finally, the newer variants can serve as full-blown remote access trojans (RAT), allowing attackers remote control over the device.
Stealing YouTube accounts
Now, almost a month later, the researchers found a legitimate YouTube account that was hijacked and rebranded to look almost identical to the real TradingView account. The crooks uploaded videos promoting the same fake platform, but kept them unlisted to avoid public scrutiny, being flagged and ultimately – taken down.
One such video garnered more than 180,000 views in just a few days, showing just how potent the malvertising campaign really is.
There is no way of knowing how many people actually fell for the trick and installed malware on their devices, but we do know that Brokewell is not the one being distributed via YouTube.
Instead, the campaign delivers a custom downloader that eventually drops Trojan.Agent.GOSL, also known as JSCEAL and WeevilProxy.
The best way to stay safe is to use common sense and to not trust ads offering premium versions of different tools for free.
Furthermore, users should check if the videos are unlisted, or lead to third-party download links. Software should only be downloaded from official sites, and suspicious ads should be reported to Google or YouTube.
TradingView is a globally recognized platform for tracking financial markets, making charts, and sharing trading ideas.
You might also like
Malicious TradingView ads spread from Meta to YouTube via hijacked accounts and fake videos Android users were targeted with Brokewell malware capable of stealing data and enabling remote access YouTube campaign now drops Trojan.Agent.GOSL through custom downloader If you remember the fake TradingView adware campaign recently spotted on Meta, then…
