Beware of ‘cracked’ TradingView — it’s a crypto-stealing trojan


Cybersecurity firm Malwarebytes has warned of a new form of crypto-stealing malware hidden inside a “cracked” version of TradingView Premium, software that provides charting tools for financial markets.

The scammers are lurking on crypto subreddits, posting links to Windows and Mac installers for “TradingView Premium Cracked,” which is laced with malware aimed at stealing personal data and draining crypto wallets, Jerome Segura, a senior security researcher at Malwarebytes, said in a March 18 blog post.

“We have heard of victims whose crypto wallets had been emptied and were subsequently impersonated by the criminals who sent phishing links to their contacts,” he added.

Fraudsters claim the programs are free and have been cracked directly from their official version, but they are actually riddled with malware. Source: Malwarebytes

As part of the ruse, the fraudsters claim the programs are free and have been cracked directly from their official version, unlocking premium features. It actually contains two malware programs, Lumma Stealer and Atomic Stealer.

Lumma Stealer is an information stealer that’s been around since 2022 and primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions. Atomic Stealer was first discovered in April 2023 and is known for its ability to capture data such as administrator and keychain passwords.

Besides “TradingView Premium Cracked,” the scammers have offered other fraudulent trading programs to target crypto traders on Reddit.

Segura said one of the interesting aspects of the scheme is that the scammer also takes the time to assist users in downloading the malware-ridden software and help resolve any issues with the download.

“What’s interesting with this particular scheme is how involved the original poster is, going through the thread and being ‘helpful’ to users asking questions or reporting an issue,” Segura said.

“While the original post gives a heads-up that you are installing these files at your own risk, further down in the thread, we can read comments from the original poster.”

In this case, the scammer sticks around to assist users in downloading the malware-ridden software. Source: Malwarebytes

The origin of the malware wasn’t clear, but Malwarebytes found that the website hosting the files belonged to a Dubai cleaning company, and the malware command and control server had been registered by someone in Russia about one week ago.

Segura says that cracked software has been prone to containing malware for decades, but the “lure of a free lunch is still very appealing.”

Common red flags to watch out for with these types of scams are instructions to disable security software so the program can run and files that are password-protected, according to Malwarebytes.


In this instance, Segura says the “files are double zipped, with the final zip being password protected. For comparison, a legitimate executable would not need to be distributed in such fashion.”
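A defender-side check for the packaging red flag described above, as an added example that is not from Malwarebytes or the original article: it walks a downloaded archive and reports nested ZIPs whose entries carry the ZIP encryption flag. The sample archives, file names, size cap and the `mark_encrypted` helper are constructed for illustration.

```python
import io
import zipfile

ENCRYPTED = 0x1              # bit 0 of the ZIP general-purpose flags
MAX_MEMBER_BYTES = 50 << 20  # assumed cap on the declared size of a member

def make_zip(entries):
    """Build an in-memory ZIP from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def mark_encrypted(one_entry_zip):
    """Constructed-sample helper: set the encryption flag in the central
    directory of a one-entry ZIP (zipfile cannot write encrypted archives)."""
    raw = bytearray(one_entry_zip)
    pos = raw.rfind(b"PK\x01\x02")  # central directory header signature
    raw[pos + 8] |= ENCRYPTED       # flags field sits at offset 8
    return bytes(raw)

def protected_nested_zips(data, path="", depth=0, max_depth=3):
    """Return paths of ZIPs nested inside `data` that hold encrypted entries."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if depth > 0 and any(i.flag_bits & ENCRYPTED for i in infos):
            hits.append(path)
        for info in infos:
            if (depth >= max_depth or info.is_dir()
                    or info.flag_bits & ENCRYPTED
                    or info.file_size > MAX_MEMBER_BYTES):
                continue  # unreadable without the password, or too deep/large
            member = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(member)):
                child = f"{path}/{info.filename}" if path else info.filename
                hits += protected_nested_zips(member, child, depth + 1, max_depth)
    return hits

# Constructed samples: a double-zipped "installer" with a protected inner ZIP,
# and a harmless nested archive for comparison.
SUSPICIOUS = make_zip({"installer.zip": mark_encrypted(
    make_zip({"setup.exe": b"constructed placeholder bytes"}))})
BENIGN = make_zip({"docs.zip": make_zip({"readme.txt": b"hello"})})

if __name__ == "__main__":
    print(protected_nested_zips(SUSPICIOUS))  # ['installer.zip']
    print(protected_nested_zips(BENIGN))      # []
```

A hit is a triage signal rather than a verdict, since the check only reads archive metadata and never decrypts or executes the inner files.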

Blockchain analytics firm Chainalysis reported in its 2025 Crypto Crime Report that crypto crime has entered a professionalized era dominated by AI-driven scams, stablecoin laundering, and efficient cyber syndicates. In the past year, the analytics firm estimates there was $51 billion in illicit transaction volume.
