- Malicious TradingView ads spread from Meta to YouTube via hijacked accounts and fake videos
- Android users have been targeted with Brokewell malware capable of stealing data and enabling remote access
- The YouTube campaign now drops Trojan.Agent.GOSL via a custom downloader
If you remember the fake TradingView adware campaign recently spotted on Meta, then the bad news is that experts have found it has now spread, via Google Ads, to YouTube.
Bitdefender security researchers discovered a large malvertising campaign on the Meta network after threat actors managed to compromise a Facebook business account belonging to a design agency in Norway, using it to distribute at least 75 malicious ads that promoted a fake “TradingView Premium” app.
The fake app, specifically targeting Android users, delivered Brokewell, a piece of malware capable of capturing login credentials via overlay screens, as well as intercepting session cookies. It can also record a wide range of user actions, such as touches, swipes and text entries, and can capture information such as call logs, geolocation, audio calls, etc. Finally, the most recent variants can serve as a remote access trojan (RAT), giving attackers remote control of the device.
Stealing YouTube accounts
Now, almost a month later, the researchers found a legitimate YouTube account which was hijacked and rebranded to be almost identical to the real TradingView account. The crooks uploaded videos promoting the same fake platform, but kept them unlisted to avoid public scrutiny, being reported and, ultimately, removed.
One of these videos collected more than 180,000 views in a few days, showing how powerful the malvertising campaign is.
There is no way to know how many people have fallen for the trick and installed malware on their devices, but we know that Brokewell is not the malware distributed via YouTube.
Instead, the campaign offers a custom downloader that ends up dropping Trojan.Agent.GOSL, also known as JSCEAL and WeevilProxy.
The best way to stay safe is to use common sense and not trust advertisements offering premium versions of different tools for free.
In addition, users should check whether the videos are unlisted or lead to third-party download links. Software should only be downloaded from official sites, and suspicious ads should be reported to Google or YouTube.
TradingView is a widely recognized platform for tracking financial markets, charting and sharing trading ideas.