Beware of ‘cracked’ TradingView — it’s a crypto-stealing trojan
Cybersecurity firm Malwarebytes has warned of a new form of crypto-stealing malware hidden inside a “cracked” version of TradingView Premium, software that provides charting tools for financial markets.
The scammers are lurking on crypto subreddits, posting links to Windows and Mac installers for “TradingView Premium Cracked,” which is laced with malware aimed at stealing personal data and draining crypto wallets, Jerome Segura, a senior security researcher at Malwarebytes, said in a March 18 blog post.
“We have heard of victims whose crypto wallets had been emptied and were subsequently impersonated by the criminals who sent phishing links to their contacts,” he added. Fraudsters claim the programs are free and have been cracked directly from their official version, but they are actually riddled with malware. Source: Malwarebytes
Segura told Cointelegraph that typically “trojanized applications” still deliver the actual program they pretend to be; however, this time, it wasn’t functional.
”In this case, we didn’t get TradingView but instead the program crashed. This is consistent with what we’ve seen on the Reddit posts with users complaining about issues installing the cracked software,” he said.
As part of the snare, the fraudsters claim the programs are free and have been cracked directly from their official version, unlocking premium features. It actually contains two malware programs, Lumma Stealer and Atomic Stealer.
Lumma Stealer is an information stealer that’s been around since 2022 and primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions. Atomic Stealer was first discovered in April 2023 and is known for its ability to capture data such as administrator and keychain passwords.
Besides “TradingView Premium Cracked,” the scammers have offered other fraudulent trading programs to target crypto traders on Reddit.