Cybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app.
Bitdefender Labs warns that these threat actors have shifted tactics after months of targeting Windows users with fake trading and cryptocurrency ads, now focusing worldwide on smartphone owners.
Since 22 July 2025, researchers have identified at least 75 Facebook ads promising a free premium version of TradingView for Android.
By 22 August, these ads had reached tens of thousands of users across the European Union. Ads feature official TradingView branding and familiar visuals—including a variant paired with a whimsical Labubu mascot—to entice clicks.
Desktop users who fall outside the targeted Android segment are redirected to innocuous content, while mobile users are taken to a cloned site at new-tw-view[.]online, where they download an infected .apk file from tradiwiw[.]online/tw-update.apk.
gbhackers.com
