Malwarebytes Warns of Crypto-Stealing Malware in "Cracked" TradingView Premium

Generated by AI Agent Coin World
Thursday, Mar 20, 2025 2:39 am ET

Cybersecurity firm Malwarebytes has issued a warning about a new form of crypto-stealing malware hidden within a "cracked" version of TradingView Premium, a software tool used for charting financial markets. The scammers are actively posting links to these malicious installers on crypto subreddits, targeting both Windows and Mac users. These installers, labeled as "TradingView Premium Cracked," are designed to steal personal data and drain crypto wallets. Jerome Segura, a senior security researcher at Malwarebytes, highlighted in a March 18 blog post that victims have reported their crypto wallets being emptied and their identities being impersonated by criminals who then send phishing links to their contacts.

The fraudsters claim that these programs are free and have been cracked directly from the official version, unlocking premium features. However, these programs are actually riddled with malware, specifically Lumma Stealer and Atomic Stealer. Lumma Stealer, which has been active since 2022, primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions. Atomic Stealer, discovered in April 2023, is known for capturing data such as administrator and keychain passwords. Besides "TradingView Premium Cracked," the scammers have also offered other fraudulent trading programs to target crypto traders on

.

One notable aspect of this scheme is the level of involvement by the scammers. They actively assist users in downloading the malware-ridden software and help resolve any issues with the download. Segura noted that the scammers engage with users in the thread, providing support and answering questions, which adds a layer of deception to the scam. The origin of the malware is unclear, but Malwarebytes found that the website hosting the files belonged to a Dubai cleaning company, and the malware command and control server had been registered by someone in Russia roughly one week ago.

Segura emphasized that cracked software has long been a vector for malware, but the allure of free premium features continues to attract users. Common red flags for these types of scams include instructions to disable security software and files that are password-protected. In this instance, the files are double zipped, with the final zip being password protected, which is unusual for legitimate software. Segura advises users to be cautious and avoid downloading cracked software to protect their personal data and crypto assets.
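The double-zip red flag described above can be checked without extracting anything to disk. The following is an added example, not code from Malwarebytes or from this article; the function names, the size limit and the sample archive are assumptions made for illustration.

```python
import io
import zipfile

ENCRYPTED = 0x1                # ZIP general-purpose flag bit 0: entry is encrypted
MAX_MEMBER = 64 * 1024 * 1024  # skip members larger than this (zip-bomb guard)


def scan(data, depth=0, max_depth=3):
    """Return (depth, name) for every encrypted entry, following nested ZIPs."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED:
                hits.append((depth, info.filename))  # unreadable without the password
                continue
            if info.is_dir() or info.file_size > MAX_MEMBER or depth >= max_depth:
                continue
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                hits += scan(body, depth + 1, max_depth)
    return hits


def is_suspicious(data):
    """True when a ZIP nested inside another ZIP holds password-protected entries."""
    return any(depth >= 1 for depth, _ in scan(data))


def _zip(members):
    """Build an in-memory ZIP from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def build_sample(protected=True):
    """Constructed sample: outer ZIP -> inner ZIP -> one placeholder file."""
    inner = bytearray(_zip({"setup.txt": b"constructed placeholder"}))
    if protected:
        # Python's zipfile cannot write encrypted entries, so mark the entry as
        # encrypted by setting flag bit 0 in the inner central directory record.
        cd = inner.find(b"PK\x01\x02")
        inner[cd + 8] |= ENCRYPTED
    return _zip({"inner.zip": bytes(inner)})


if __name__ == "__main__":
    print(scan(build_sample()), is_suspicious(build_sample()))
```

The check reads only the archive directory metadata and unencrypted nested archives held in memory, so it can run on a download before anything is unpacked or executed.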
