Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Malvertising campaign targets Android users with advanced crypto-steal...
How are people in 15 countries leveraging AI for travel planning?
Insider threats cited alongside external attacks in terms of severity:...
How are people in 15 countries leveraging AI for travel planning?
North America financial institutions lead surge in financial regulator...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Resilience the true benchmark for smart infrastructure

      Resilience the true benchmark for smart infrastructure

      Wednesday, August 27, 2025, 8:21 PM Asia/Singapore | Features, IoT Security
    • Featured

      Deepfake a crisis of trust, not just technology

      Deepfake a crisis of trust, not just technology

      Tuesday, August 19, 2025, 10:06 AM Asia/Singapore | Features
    • Featured

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      Thursday, August 14, 2025, 12:26 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

News

Malvertising campaign targets Android users with advanced crypto-stealing trojan malware

By CybersecAsia editors | Monday, September 1, 2025, 3:20 PM Asia/Singapore

Malvertising campaign targets Android users with advanced crypto-stealing trojan malware

Why pay thousands when you can get Premium crypto-trading service for a  full year at no cost?

A new wave of malicious advertising targeting Android users has been uncovered, spreading advanced crypto-stealing malware disguised as legitimate mobile apps.

The campaign currently employs fake ads on Meta’s platforms, offering a purported free premium version of a popular trading app for Android that costs thousands of dollars per year to use.

The ads mimic familiar branding and visuals to deceive users into clicking and downloading a malicious .apk file from fraudulent websites that closely imitate official app pages. A commonly used prompt in the ads is: “Why pay a year when you can get Premium for a  full year at no cost?”

Instead of the legitimate software, users end up downloading a sophisticated trojan designed to steal cryptocurrency credentials and other sensitive information. Once installed, the malware requests extensive device permissions, including accessibility access, often hidden behind fake update prompts. This access allows the malware to perform numerous intrusive actions such as overlaying screens with deceptive messages, stealing lock screen PINs, and extracting data from installed apps, including financial and authentication apps. Other details of the malware include:

  • Indications that it is a significantly evolved version of the Brokewell trojan, functioning as both spyware and a remote access tool.
  • If a desktop user clicks on the ad, random and benign content will be delivered instead.
  • It communicates with its command servers through encrypted channels, enabling attackers to remotely control infected devices, capture screenshots, record audio, dump clipboard contents, scrape email inboxes, and harvest two-factor authentication credentials.
  • Its capabilities likely make it one of the most advanced Android threats linked to malvertising campaigns observed so far.

To boost distribution, the attackers localize their fake ads in multiple languages and impersonate numerous well-known brands and financial platforms. Although initially targeting Windows desktop users, this operation now actively pursues users of the Android operating system.

Since 22 July 2025 the global campaign, uncovered by Bitdefender, has used at least 75 malicious ads. By 22 August 2025, tens of thousands of users in the EU alone had been affected by the trojan malware.

Share:

PreviousHow are people in 15 countries leveraging AI for travel planning?

Related Posts

Tuxedoed Penguin caught in the crosshairs: How apt!

Tuxedoed Penguin caught in the crosshairs: How apt!

Tuesday, September 15, 2020

Transactional fraud and abuse: are they the same?

Transactional fraud and abuse: are they the same?

Thursday, June 23, 2022

Gaming communities should take note of these safety tips

Gaming communities should take note of these safety tips

Thursday, September 2, 2021

Facebook, this is Your Digital Crime…

Facebook, this is Your Digital Crime…

Tuesday, April 6, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.