Crypto Wallets Drained: Cracked TradingView Software Hides a Costly Secret

March 20, 2025

Cracked TradingView software is draining cryptocurrency wallets right now, as a sophisticated malware campaign sweeps through online forums, leaving a trail of emptied accounts and compromised identities in its wake.

Cracked TradingView Downloads Spread Malware, Steal Crypto

Malwarebytes, a cybersecurity firm, issued a warning on March 18 about a new malware campaign targeting cryptocurrency traders. The attack uses fraudulent installers for “TradingView Premium Cracked,” promising free access to the charting platform’s paid features. These installers, promoted primarily on Reddit, contain malware that steals personal data and drains cryptocurrency wallets.

The campaign employs different malware depending on the user’s operating system. Windows users are infected with Lumma Stealer, an information stealer known for targeting crypto wallets and two-factor authentication extensions. Mac users receive Atomic Stealer (AMOS), which captures sensitive data like passwords and keychain information.

Cracked TradingView Scammers Actively Engage Victims on Reddit

The attackers are not simply distributing the malware but are also actively engaging with potential victims on Reddit, posing as helpful users and offering assistance with installation. This social engineering tactic increases the likelihood of users disabling security software and installing the compromised programs. 

[Image: screenshot of a Reddit post promoting cracked TradingView software]

“Scammers are lurking on subreddits visited by cryptocurrency traders and posting about free access to TradingView, a web-based platform and social network that provides charting tools for analyzing financial markets, including stocks, forex, cryptocurrencies, and commodities,” Malwarebytes senior security researcher Jerome Segura said. “The offer claims that the programs are totally free and have been cracked directly from their official version, unlocking premium features,” he added.

Red Flags and Prevention: Avoid Cracked Software

Malwarebytes identified several red flags associated with the scam:

  • Instructions to disable security software.
  • Double-zipped, password-protected files.
  • Downloads hosted on unrelated websites (in this case, a compromised Dubai cleaning company site).
  • Files with unusual extensions.

The most crucial preventative measure is to avoid cracked software entirely. Always download software from official sources. Keep security software enabled and updated, and be highly skeptical of unsolicited offers, especially those that seem too good to be true.
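The "double-zipped, password-protected" red flag can be checked from archive metadata alone, before anything is extracted or run. The sketch below is an added example, not code from Malwarebytes or the original article; it assumes the download is in ZIP format, and the file names in the constructed sample are placeholders.

```python
import io
import zipfile

ENCRYPTED_BIT = 0x1                    # general-purpose flag bit 0: entry is encrypted
MAX_MEMBER_BYTES = 50 * 1024 * 1024    # skip members larger than this (zip-bomb guard)
MAX_DEPTH = 3                          # stop descending after this many nested levels

def triage_archive(data, depth=0):
    """List encrypted entries and nested ZIPs in an in-memory archive, extracting nothing to disk."""
    findings = {"encrypted": [], "nested": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_BIT:
                findings["encrypted"].append(info.filename)
                continue                       # contents are unreadable without the password
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES or depth >= MAX_DEPTH:
                continue
            member = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(member)):
                findings["nested"].append(info.filename)
                inner = triage_archive(member, depth + 1)
                for key in findings:           # prefix inner findings with the outer path
                    findings[key] += [f"{info.filename}/{name}" for name in inner[key]]
    return findings

def is_suspicious(findings):
    """True when the archive is both nested and password-protected at some level."""
    return bool(findings["nested"]) and bool(findings["encrypted"])

def build_constructed_sample():
    """Constructed sample: outer ZIP holding an inner ZIP whose entry is marked encrypted."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.bin", b"placeholder bytes, not a real payload")
    raw = bytearray(inner.getvalue())
    cd = raw.find(b"PK\x01\x02")       # central directory header of the only entry
    raw[cd + 8] |= ENCRYPTED_BIT       # flag field starts 8 bytes into that header
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("installer.zip", bytes(raw))
        zf.writestr("readme.txt", b"constructed sample")
    return outer.getvalue()

if __name__ == "__main__":
    result = triage_archive(build_constructed_sample())
    print(result, "suspicious:", is_suspicious(result))
```

Nesting on its own is common, since ZIP-based formats such as .docx and .jar also match `zipfile.is_zipfile`; the check only flags the combination of nesting and encryption.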

Malware Command and Control Linked to Russia

While the origin of the malware is not definitively confirmed, Malwarebytes traced the command-and-control server for the Windows version (Lumma Stealer) to a registration in Russia approximately one week before the report. The Mac malware (AMOS) exfiltrates data to a server in Seychelles.

“The malware command and control server here is cousidporke[.]icu, registered about a week ago by someone in Russia,” Segura noted. “We have heard of victims whose crypto wallets had been emptied and were subsequently impersonated by the criminals who sent phishing links to their contacts,” the senior security researcher further said.

This attack highlights the ongoing and evolving threat of cybercrime in the cryptocurrency space. Blockchain analytics firm Chainalysis reported significant illicit transaction volume in the past year, driven by AI-powered scams and other sophisticated techniques.

The irreversible nature of cryptocurrency transactions makes users a particularly attractive target for criminals. Users are urged to exercise extreme caution and prioritize security best practices to protect their digital assets.


Yona has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
