Devious malware has jumped from Meta to Google Ads and YouTube to spread


  • Malicious TradingView ads spread from Meta to YouTube via hijacked accounts and fake videos
  • Android users were targeted with Brokewell malware capable of stealing data and enabling remote access
  • YouTube campaign now drops Trojan.Agent.GOSL through custom downloader

If you remember the fake TradingView adware campaign recently spotted on Meta, there is bad news: experts have found it has now expanded through Google Ads to YouTube.

Security researchers at Bitdefender discovered a major malvertising campaign on Meta’s network after threat actors managed to compromise a Facebook Business account belonging to a design agency in Norway, using it to run at least 75 malicious ads that promoted a fake “TradingView Premium” app.

The fake app, specifically targeting Android users, delivered Brokewell, a piece of malware capable of capturing login credentials through overlay screens, as well as intercepting session cookies. It can also log a wide range of user actions, such as touches, swipes, and text inputs, and can grab information such as call logs, geolocation, audio calls, and more. Finally, the newer variants can serve as full-blown remote access trojans (RATs), giving attackers remote control over the device.

Stealing YouTube accounts

Now, almost a month later, the researchers found a legitimate YouTube account that was hijacked and rebranded to look almost identical to the real TradingView account. The crooks uploaded videos promoting the same fake platform, but kept them unlisted to avoid public scrutiny, being flagged, and ultimately being taken down.

One such video garnered more than 180,000 views in just a few days, showing just how potent the malvertising campaign really is.

There is no way of knowing how many people actually fell for the trick and installed malware on their devices, but we do know that Brokewell is not the malware being distributed via YouTube.

Instead, the campaign delivers a custom downloader that eventually drops Trojan.Agent.GOSL, also known as JSCEAL and WeevilProxy.


The best way to stay safe is to use common sense and to not trust ads offering premium versions of different tools for free.

Furthermore, users should check if the videos are unlisted, or lead to third-party download links. Software should only be downloaded from official sites, and suspicious ads should be reported to Google or YouTube.

TradingView is a globally recognized platform for tracking financial markets, making charts, and sharing trading ideas.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
