Android Malware Exploits Facebook Ads to Spread Globally

29 Aug 2025

Cybersecurity experts have uncovered a sophisticated malvertising campaign that has been targeting Android users across Europe and other regions. The threat actors behind this operation have been leveraging Meta’s Facebook platform to disseminate ads that promise a free TradingView Premium application. However, these ads are part of a deceptive ruse designed to distribute Android malware.

To lure unsuspecting users, the ads mimic official TradingView branding and redirect victims to a clone webpage, new-tw-view[.]online, where an APK file is downloaded from tradiwiw[.]online/tw-update.apk. This APK is anything but benign; once installed, it deploys a crypto-stealing trojan. The malware abuses the Accessibility Service and overlay techniques to harvest user credentials and intercept two-factor authentication tokens from Google Authenticator.

Technical Details and Dissemination

The malware initially disguises itself as a legitimate app update, immediately requesting powerful permissions. These include enabling Accessibility Services and granting device administration rights. Often, the malware uninstalls its initial stub to evade detection, making it more challenging to remove.

Discovered on July 22, 2025, the campaign quickly spread, with Bitdefender reporting at least 75 unique ads since late July, impacting tens of thousands of users. The attackers were strategic in their approach, localizing the lures in multiple languages, including Vietnamese, Portuguese, Spanish, Turkish, and Arabic, thereby broadening their reach.

From a technical standpoint, the dropper APK has an MD5 checksum of 788cb1965585f5d7b11a0ca35d3346cc and unpacks an embedded payload with a checksum of 58d6ff96c4ca734cd7dfacc235e105bd. The payload is stored as an encrypted DEX resource. A native library is employed to retrieve decryption keys and load hidden classes via reflection with DexClassLoader, circumventing signature checks.
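The traits described above (the quoted hashes, a native library, an encrypted resource, a DexClassLoader reference) can be checked statically before an APK is ever installed. The following triage sketch is an added example, not code from the article or from Bitdefender; the entropy threshold, the asset paths scanned and the constructed sample archive are assumptions of the example.

```python
import hashlib, io, math, zipfile
from collections import Counter

# MD5 values quoted in the article (dropper APK and embedded payload).
ARTICLE_MD5 = {"788cb1965585f5d7b11a0ca35d3346cc",
               "58d6ff96c4ca734cd7dfacc235e105bd"}
# ASCII strings that appear verbatim in a DEX string table when code references them.
DEX_MARKERS = (b"Ldalvik/system/DexClassLoader;", b"setComponentEnabledSetting")
# Magic bytes of ordinary asset formats that are high-entropy but expected.
KNOWN_MAGIC = (b"dex\n", b"\x89PNG", b"\xff\xd8\xff", b"PK\x03\x04", b"OggS", b"RIFF")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_apk(apk_bytes: bytes) -> dict:
    """Collect static indicators; a hit is a reason to analyse, not a verdict."""
    report = {"md5": hashlib.md5(apk_bytes).hexdigest(), "hash_hits": [],
              "native_libs": [], "opaque_blobs": [], "dex_markers": []}
    if report["md5"] in ARTICLE_MD5:
        report["hash_hits"].append("<apk>")
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            body = apk.read(name)
            if hashlib.md5(body).hexdigest() in ARTICLE_MD5:
                report["hash_hits"].append(name)
            if name.startswith("lib/") and name.endswith(".so"):
                report["native_libs"].append(name)
            elif name.endswith(".dex") and body.startswith(b"dex\n"):
                report["dex_markers"] += [f"{name}:{m.decode()}"
                                          for m in DEX_MARKERS if m in body]
            elif (name.startswith(("assets/", "res/raw/")) and len(body) >= 1024
                  and not body.startswith(KNOWN_MAGIC) and entropy(body) > 7.5):
                report["opaque_blobs"].append(name)
    return report

def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: harmless bytes, not real malware."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00Ldalvik/system/DexClassLoader;\x00")
        z.writestr("lib/arm64-v8a/libstub.so", b"\x7fELF")
        z.writestr("assets/data.bin", blob)          # pseudo-random: looks encrypted
        z.writestr("assets/logo.png", b"\x89PNG" + blob)  # known magic: ignored
    return buf.getvalue()
```

Each indicator also occurs in legitimate apps, so the report is most useful when several fire together on an APK that arrived from outside an app store.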

Malware Capabilities and Impact

Once operational, the malware registers itself as an accessibility service, monitoring keystrokes and potentially displaying counterfeit login screens over legitimate banking and cryptocurrency applications. It is engineered to persist by re-enabling accessibility on reboot and hiding its icon using PackageManager.setComponentEnabledSetting().

By weaponizing Facebook's ad infrastructure and adapting desktop-oriented techniques to the Android environment, these threat actors have crafted a campaign with considerable global reach and potential financial repercussions.

In light of these developments, users and organizations in the affected regions and beyond are advised to be vigilant. Scrutinizing the sources of applications, verifying URLs, and restricting sideloading to trusted repositories are crucial steps in defending against such high-impact Android malware activities.
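On a device that may already be affected, the combination the article describes (a sideloaded app holding an enabled accessibility service) can be audited from two adb outputs: `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services`. The script below is an added example, not part of the original article; the sample outputs are constructed, the com.example.* names are hypothetical, and the set of installers treated as sideloading is an assumption.

```python
import re

# Installer values treated here as "not an app store" (an assumption of this example).
SIDELOAD_INSTALLERS = {"null", "com.android.packageinstaller",
                       "com.google.android.packageinstaller"}

# Constructed sample output; the com.example.* package names are hypothetical.
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.twupdate  installer=com.google.android.packageinstaller
package:com.example.reader  installer=null
"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.twupdate/com.example.twupdate.CoreService")

def parse_installers(pm_output: str) -> dict:
    """Map package -> installer from `pm list packages -i -3` output."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return dict(pairs)

def parse_enabled_services(setting: str) -> dict:
    """Map package -> [service classes] from the colon-separated setting value."""
    services = {}
    for component in setting.strip().split(":"):
        if "/" in component:  # skips "null" or an empty value
            pkg, cls = component.split("/", 1)
            services.setdefault(pkg, []).append(cls)
    return services

def sideloaded_accessibility(pm_output: str, setting: str) -> list:
    """Return (package, installer, classes) for sideloaded apps with a11y enabled."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, classes in sorted(parse_enabled_services(setting).items()):
        installer = installers.get(pkg)  # None: not in the third-party list
        if installer in SIDELOAD_INSTALLERS:
            findings.append((pkg, installer, classes))
    return findings

if __name__ == "__main__":
    for pkg, installer, classes in sideloaded_accessibility(SAMPLE_PM, SAMPLE_A11Y):
        print(f"review: {pkg} (installer={installer}) services={classes}")
```

This covers the accessibility permission only; device administration rights need a separate check.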
