Find notable cyber news and cases, enriched with sources, timelines, and signals.

Brokewell Android malware delivered through fake TradingView Premium ads

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The Brokewell Android malware is being delivered through fake TradingView Premium ads, creating a live path to credential theft and remote device takeover for mobile users. The operation has run since at least July 22 and uses about 75 localized ads to lure people interested in cryptocurrency assets. Android clicks are redirected to a spoofed TradingView page that serves tw-update.apk from tradiwiw[.]online. Once installed, the malware can steal sensitive data, intercept SMS and 2FA codes, and control the phone remotely.

Related Happenings

Massiv Android banking malware disguised as IPTV app

Malware Activity
H score27 First: 19.02.2026 12:00 Last: 19.02.2026 12:00 Sources 1

About this happening: The **Massiv** Android banking malware is posing as an **IPTV app** to steal digital identities and access **online banking accounts**. It uses **screen overlays**, **keylogging**...

Android remote access tool abusing Accessibility Services

Malware Activity
H score26 First: 30.01.2026 00:08 Last: 30.01.2026 00:08 Sources 1

About this happening: An **unnamed Android remote access tool** was found abusing **Accessibility Services** to take over devices, **capture screenshots**, steal credentials, and block removal. The mal...

Timeline

  1. 31.08.2025 21:35 2 articles · 10mo ago

    Fake TradingView Premium ads spread Brokewell to Android users

    Campaign Scope Update

    Cybercriminals run localized Meta ads that impersonate a free TradingView Premium app and lure Android users interested in cryptocurrency assets to a spoofed TradingView page that serves tw-update.apk from tradiwiw[.]online and installs Brokewell malware.

    Show sources
  2. 31.08.2025 21:35 1 articles · 10mo ago

    Bitdefender details Brokewell's Android capabilities in fake TradingView ads

    Technical Analysis Update

    Bitdefender examines the malicious TradingView-branded Android lure and describes a Brokewell variant that requests accessibility, hides a fake update prompt, steals Google Authenticator codes, overlays fake login screens, records screens and keystrokes, intercepts SMS and 2FA codes, and accepts remote commands over Tor or WebSockets.

    Show sources