
Brokewell Android malware delivered through fake TradingView Premium ads

Malware Activity
H score 33
1 unique source, 1 article

Summary


The Brokewell Android malware is being delivered through fake TradingView Premium ads, creating a live path to credential theft and remote device takeover for mobile users. The operation has run since at least July 22 and uses about 75 localized ads to lure people interested in cryptocurrency assets. Android clicks are redirected to a spoofed TradingView page that serves tw-update.apk from tradiwiw[.]online. Once installed, the malware can steal sensitive data, intercept SMS and 2FA codes, and control the phone remotely.

Related Happenings

Android remote access tool abusing Accessibility Services

Malware Activity
First: 30.01.2026 00:08 Last: 30.01.2026 00:08 Sources 1

About this happening: An **unnamed Android remote access tool** was found abusing **Accessibility Services** to take over devices, **capture screenshots**, steal credentials, and block removal. The mal...

Timeline

  1. 31.08.2025 21:35 2 articles · 8mo ago

    Fake TradingView Premium ads spread Brokewell to Android users

    Campaign Scope Update

    Cybercriminals run localized Meta ads that impersonate a free TradingView Premium app to lure Android users interested in cryptocurrency assets. The ads lead to a spoofed TradingView page that serves tw-update.apk from tradiwiw[.]online; the APK installs Brokewell malware.

  2. 31.08.2025 21:35 1 article · 8mo ago

    Bitdefender details Brokewell's Android capabilities in fake TradingView ads

    Technical Analysis Update

    Bitdefender examines the malicious TradingView-branded Android lure and describes a Brokewell variant that requests accessibility, hides a fake update prompt, steals Google Authenticator codes, overlays fake login screens, records screens and keystrokes, intercepts SMS and 2FA codes, and accepts remote commands over Tor or WebSockets.
