Bitdefender warns that a Meta malvertising campaign has expanded to Android phones. The research discovered malicious ads that offer a free TradingView Premium app for Android. Rather than leading users to a legitimate software, however, these ads take victims to a sophisticated crypto-stealing trojan, which the research describes as “an evolved version of the Brokewell malware.” 

The research’s most recent analysis revealed the campaign remains active and has leveraged at least 75 malicious ads since mid-July. As of August 22nd, 2025, the ads have reached tens of thousands of users in the European Union. 

The malware installed is more than a credential stealer. Instead, it is a spyware and remote access trojan (RAT) with capabilities that include: 

• Two-factor authentication bypass
  
• Account takeover
• Remote control 
• Surveillance
• SMS interception
• Crypto theft

The research asserts that this campaign is “one of the most advanced Android threats seen in a malvertising campaign to date.”