TLDR

Cybersecurity firm Malwarebytes warns of malware hidden in “cracked” versions of TradingView Premium targeting crypto holders
Scammers post links on Reddit claiming to offer free premium features but distribute AMOS (Mac) and Lumma (Windows) malware
The malware can steal credentials, drain cryptocurrency wallets, and capture sensitive data like passwords and 2FA information
Scammers actively engage with potential victims in Reddit threads to help them download the malicious software
Red flags include instructions to disable security software and password-protected zip files

Cybersecurity experts have issued an alert about a new scam targeting cryptocurrency holders through fake “cracked” versions of TradingView Premium. The popular trading platform’s name is being used to distribute dangerous malware that can steal crypto assets.

Malwarebytes recently discovered several strains of info-stealer malware being spread through Reddit posts. These posts specifically target crypto users on both Mac and Windows operating systems.

The scammers advertise “TradingView Premium Cracked” programs. They claim these versions offer access to premium features for free.

Users who click on the download links are directed to websites unrelated to TradingView’s official site. These fake downloads contain harmful software.

AMOS and Lumma stealers actively spread to Reddit users

Mac users who fall for the scam receive AMOS malware. This software can steal personal credentials from their devices.

Windows users face an even more dangerous threat called Lumma Stealer. This malware has been active since 2022.

Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication browser extensions. It can effectively bypass security measures that many crypto holders use to protect their assets.

Another malware variant called Atomic Stealer was first discovered in April 2023. It is known for capturing sensitive data like administrator and keychain passwords.

A New Approach

Jerome Segura, a senior security researcher at Malwarebytes, highlighted an interesting aspect of this scheme. The scammers don’t just post links and disappear.

“What’s interesting with this particular scheme is how involved the original poster is,” Segura noted in a March 18 blog post. The scammers actively engage with potential victims in the comment threads.

They offer “help” to users who have questions or report issues with downloads. This approach adds credibility to their scam and increases the likelihood of successful infections.

Malwarebytes found some clues about the origin of the malware. The website hosting the files belonged to a Dubai cleaning company.

The command and control server for the malware had been registered by someone in Russia. This registration occurred approximately one week before the discovery.

Segura points out that there are clear warning signs users should watch for. The malicious files are “double zipped,” with the final zip being password-protected.

Legitimate software would not be distributed this way. Another red flag is instructions to disable security software so the program can run.

Some victims have already suffered losses from this scam. Malwarebytes reports cases where crypto wallets were emptied completely.

In some instances, hackers then impersonated the victims. They sent phishing links to the victims’ contacts to spread the infection further.

This scheme is part of a growing trend in crypto crime. Blockchain analytics firm Chainalysis estimates there was $51 billion in illicit transaction volume in the past year.

The firm’s 2025 Crypto Crime Report indicates that crypto crime has entered a more sophisticated era. This includes AI-driven scams, stablecoin laundering, and efficient cyber crime operations.

Crypto users are advised to download software only from official sources. Any offer promising premium features for free should be treated with extreme caution.

The post Warning: Malware-Infected TradingView “Cracked” Versions Target Crypto Wallets appeared first on CoinCentral.

---

Filed under: News - @ March 20, 2025 9:26 am