This Android malware is spreading through Facebook ads
Source: https://lifehacker.com/tech/this-android-malware-is-spreading-using-meta-ads?utm_medium=RSS
Summary:
Researchers at the cybersecurity firm Bitdefender have found that attackers are using the advertising feature of Meta's Facebook platform to spread an Android spyware strain called "Brokewell". The malware is disguised as promotional ads for premium membership benefits of the investment analysis app TradingView; once a user clicks, they are redirected to a cloned website that automatically downloads an APK file containing the malicious code.
During installation the app requests multiple device permissions and uses fake update prompts to trick the user into revealing the lock-screen password. Once the permissions are granted, the program uninstalls itself to evade detection. Its capabilities include stealing crypto assets, intercepting two-factor authentication codes, faking login screens, monitoring keyboard input, intercepting SMS messages and remotely controlling the device.
Notably, this attack targets only Android mobile users; desktop users who click the same ad do not trigger the malicious download. Security experts advise users to stay alert: avoid clicking ads on social platforms, especially those involving investment advice or offers that look too good to be true; download apps only from official app stores; treat any app that asks for accessibility permissions or the lock-screen password with caution, and grant only the permissions needed for the app's actual function.
English source:
Threat actors are once again using Meta's advertising platform to distribute malware. This time, it's a form of Android spyware known as Brokewell, and it's spreading through a malvertising campaign on Facebook.
According to researchers at Bitdefender, cybercriminals are running ads that promise free access to TradingView Premium, a market tracking and investment app, for Android mobile users. Clicking on the fraudulent ads, which use TradingView's branding and, in some cases, images of Labubus, leads to users downloading and installing malware on their devices.
How Brokewell compromises Android devices
As the Bitdefender report outlines, this malvertising attack tricks users into clicking Facebook ads that appear to be for TradingView, but the links go to a cloned website, which initiates a download of a malicious .apk file to the user's device. The dropped app requests broad accessibility permissions while showing the user a series of fake update prompts, including one that requests the device's lock screen PIN. Once permissions are granted, the dropper uninstalls itself to avoid detection.
The malware itself is an advanced spyware and remote access trojan (RAT) that has a range of capabilities:
Crypto theft
Scraping and exporting two-factor authentication (2FA) codes from Google Authenticator
Overlaying fake login screens for account takeover
Surveillance, such as keylogging and screen recording
Intercepting SMS messages to steal banking and 2FA codes
Remote device control
This specific scheme targets Android mobile users—if someone on Windows desktop or macOS clicks on a fake TradingView ad, they'll see benign content instead of the malicious cloned site. That said, threat actors have used Facebook ads to reach users across platforms and devices, with campaigns impersonating various cryptocurrency, investment, and trading apps as well as prominent finance professionals.
How to stay safe from malvertising
You should be wary of ads on Facebook and other social media sites, as these are common vectors for spreading malware and other scams. Don't click on ads, even if you recognize the company or brand—and especially if they're offering investment advice or a deal that seems too good to be true. Watch out for links that go to lookalike domains or spoofed websites that force you to download files or apps.
Instead, you should download apps only from trusted sources like the Google Play Store. Though malicious apps can sometimes slip through the cracks, it's a lot safer than sideloading from unvetted sources. Be skeptical of apps that request accessibility permissions or your lock screen PIN without an obvious reason, and avoid granting permissions for anything that isn't essential to the app's functionality (even if the app is legit).
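The two traits the article singles out, an app that arrived outside a trusted store and an app that holds accessibility access, can be audited together on a device you administer. The script below is an added example (it is not code from Lifehacker or Bitdefender); it parses the output of two real Android shell commands, `pm list packages -i` (package name plus installer) and `settings get secure enabled_accessibility_services` (colon-separated `package/service` entries), and flags packages that were not installed by a trusted store yet have an accessibility service enabled. The sample command output, the package names in it and the set of installers treated as trusted are all constructed assumptions for the example.

```python
"""Audit sideloaded apps that hold accessibility access on an Android device.

Added example, not part of the article. Feed it the output of:
    adb shell pm list packages -i
    adb shell settings get secure enabled_accessibility_services
The sample strings below are constructed for the example; the package
names in them do not refer to real apps.
"""
import re

# Installers treated as trusted stores (assumption; extend for OEM stores).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

# Constructed sample of `pm list packages -i`; "installer=null" means sideloaded.
SAMPLE_PM_LIST = """\
package:com.android.vending  installer=null
package:com.example.bank  installer=com.android.vending
package:com.example.dropper  installer=null
package:com.example.screenreader  installer=com.android.vending
"""

# Constructed sample of `settings get secure enabled_accessibility_services`.
SAMPLE_ENABLED_A11Y = (
    "com.example.dropper/com.example.dropper.svc.Main:"
    "com.example.screenreader/com.example.screenreader.Service"
)

PM_LINE = re.compile(r"package:(\S+)\s+installer=(\S+)")


def parse_pm_list(text: str) -> dict:
    """Map package name -> installer package, or None when sideloaded."""
    installers = {}
    for line in text.splitlines():
        match = PM_LINE.match(line.strip())
        if not match:
            continue
        pkg, installer = match.groups()
        installers[pkg] = None if installer == "null" else installer
    return installers


def parse_enabled_accessibility(text: str) -> set:
    """Packages with at least one enabled accessibility service.

    The setting reads "null" (or is empty) when no service is enabled.
    """
    text = text.strip()
    if text in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in text.split(":") if "/" in entry}


def find_suspicious(installers: dict, a11y_pkgs: set,
                    trusted=TRUSTED_INSTALLERS) -> list:
    """Accessibility-enabled packages not installed by a trusted store.

    A package missing from the installer map is treated as untrusted too.
    """
    return sorted(pkg for pkg in a11y_pkgs if installers.get(pkg) not in trusted)


def audit(pm_list_text: str, a11y_text: str) -> list:
    """Run the full check on captured command output and return flagged packages."""
    return find_suspicious(parse_pm_list(pm_list_text),
                           parse_enabled_accessibility(a11y_text))


if __name__ == "__main__":
    for pkg in audit(SAMPLE_PM_LIST, SAMPLE_ENABLED_A11Y):
        print(f"review: {pkg} is sideloaded and has an accessibility service enabled")
```

On the constructed sample the script flags only `com.example.dropper`: the screen reader also holds accessibility access but came from Google Play, so it is left alone. Because the Brokewell dropper uninstalls itself after the permissions are granted, an empty result is not proof of a clean device; the check is meant as one quick triage step alongside the advice above, not a replacement for it.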