Cracked TradingView Premium Spreads Malware, Steals Crypto Wallets
Key Takeaways
- Fake TradingView Premium installs malware that steals crypto wallets and login details;
- Scammers use Reddit to promote infected software disguised as a cracked version;
- The malware was traced to a Dubai website, with servers registered in Russia.
A new malware campaign is targeting crypto traders through a counterfeit version of TradingView Premium.
Malwarebytes, a cybersecurity company, has discovered that scammers are promoting a modified version of the platform, which secretly installs harmful software designed to steal personal information and drain crypto wallets.
According to a March 18 blog post, the fraudsters are active on crypto-related subreddits, where they post download links for what they claim is a cracked version of TradingView Premium.
According to Jerome Segura, a senior researcher at Malwarebytes, these posts include Windows and Mac installers that contain two types of malware, Lumma Stealer and Atomic Stealer.
Lumma Stealer, identified in 2022, is known for extracting login details, cryptocurrency wallet credentials, and data from two-factor authentication (2FA) browser extensions. Atomic Stealer, which surfaced in 2023, goes after passwords stored in system keychains, including administrator credentials.
Victims of this malware have reported losing their crypto holdings, with scammers even taking control of their accounts to send phishing messages to their contacts.
Additionally, Segura explained, "Files are double zipped, with the final zip being password protected. For comparison, a legitimate executable would not need to be distributed in such fashion." Because a scanner cannot inspect the contents of a password-protected archive without the password, this tactic prevents antivirus programs from detecting harmful files before they are extracted and executed.
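A defender-side check for the packaging Segura describes, as an added example that is not from Malwarebytes or the original article: it reads only ZIP headers and reports any archive nested inside a download that holds password-protected entries. The function names and file names are assumptions, and the sample input is constructed.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose bit 0: entry is password protected

def encrypted_members(zf: zipfile.ZipFile) -> list[str]:
    """Names of entries whose central-directory flags mark them as encrypted."""
    return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]

def find_nested_encrypted(data: bytes, max_member: int = 50_000_000) -> list[dict]:
    """Report archives inside `data` that hold password-protected entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            # Skip entries we cannot read (encrypted) or that are too big to buffer.
            if info.flag_bits & ENCRYPTED_FLAG or info.file_size > max_member:
                continue
            blob = outer.read(info)
            if not zipfile.is_zipfile(io.BytesIO(blob)):
                continue
            with zipfile.ZipFile(io.BytesIO(blob)) as inner:
                locked = encrypted_members(inner)
            if locked:
                findings.append({"inner_archive": info.filename, "encrypted": locked})
    return findings

def constructed_sample() -> bytes:
    """Constructed test input: a zip holding a zip whose entry is flagged encrypted.
    zipfile cannot write encrypted archives, so the flag is set by patching the
    central-directory header; the payload is harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("installer.bin", b"placeholder")
    inner = bytearray(buf.getvalue())
    pos = inner.find(b"PK\x01\x02")  # central directory file header signature
    flags, = struct.unpack_from("<H", inner, pos + 8)  # flags field at offset 8
    struct.pack_into("<H", inner, pos + 8, flags | ENCRYPTED_FLAG)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("readme.txt", b"constructed sample")
        z.writestr("stage2.zip", bytes(inner))
    return out.getvalue()

if __name__ == "__main__":
    print(find_nested_encrypted(constructed_sample()))
```

A hit is a triage signal for a mail or download gateway to quarantine or hold for review, not proof of malware, since password-protected archives also have legitimate uses.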
Investigations into the origins of the malware revealed that the files were hosted on a website linked to a Dubai cleaning company, while the command-and-control server was registered in Russia just a week before it was discovered.