According to Malwarebytes, a sophisticated malware scam campaign is targeting crypto traders. The campaign exploits their desire for free premium tools by distributing the Lumma Stealer and Atomic Stealer (AMOS) information-stealing malware through Reddit posts.
This malicious software, which poses as cracked versions of the popular trading platform TradingView, is draining victims’ cryptocurrency wallets and stealing sensitive personal data.
Crypto Scam Alert: Cracked TradingView Spreads Malware
In its latest blog, the cybersecurity company warned that scammers are targeting cryptocurrency-focused subreddits and offering fraudulent free lifetime access to TradingView’s premium features.
“We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. One of the common lures is a cracked software version of the popular trading platform TradingView,” the blog read.

The promise of a “cracked” version—unlocked premium features without cost—has proven an irresistible lure for unsuspecting users. However, downloading these illicit versions comes at a steep price.
“These two malware families have wreaked havoc, pillaging victims’ personal data and enabling their distributors to make substantial gains, mostly by taking over cryptocurrency wallets,” the post added.
Notably, Malwarebytes’ investigation highlighted a sophisticated malware campaign. This campaign employs multiple layers of obfuscation, outdated infrastructure, and social engineering tactics to steal sensitive data.
Upon examining the two download links, Malwarebytes found that the files were hosted on an unrelated and suspicious website. Furthermore, they are double-zipped and password-protected. This indicates that they are not legitimate software.
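The packaging described above, an archive inside an archive with password protection, can be checked before anything is extracted. This Python triage helper is an added example, not code from Malwarebytes or the original article; the file names and the in-memory sample are constructed, and it assumes ZIP containers, where general-purpose flag bit 0 marks an encrypted entry.

```python
import io
import zipfile

ENCRYPTED = 0x1                # general-purpose flag bit 0: entry is encrypted
ZIP_MAGIC = b"PK\x03\x04"      # local file header signature
MAX_MEMBER = 50 * 1024 * 1024  # skip members declaring more than 50 MiB


def triage_zip(data, prefix="", depth=0, max_depth=3):
    """Walk a ZIP in memory; report nesting depth and encrypted entries."""
    report = {"depth": depth, "encrypted": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.flag_bits & ENCRYPTED:
                report["encrypted"].append(path)  # unreadable without the password
                continue
            if info.is_dir() or info.file_size > MAX_MEMBER or depth >= max_depth:
                continue
            body = zf.read(info)
            if body.startswith(ZIP_MAGIC):        # archive inside an archive
                child = triage_zip(body, path + "/", depth + 1, max_depth)
                report["depth"] = max(report["depth"], child["depth"])
                report["encrypted"] += child["encrypted"]
    return report


def is_suspicious(report):
    """Flag the combination the article describes: nested and password-protected."""
    return report["depth"] >= 1 and bool(report["encrypted"])


def build_constructed_sample():
    """Constructed, harmless sample: plain outer ZIP, inner ZIP flagged encrypted."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.bat", "rem constructed placeholder")
    raw = bytearray(inner.getvalue())
    cd = raw.find(b"PK\x01\x02")  # central directory header of the only entry
    raw[cd + 8] |= ENCRYPTED      # flags field sits at offset 8 of that header
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("installer.zip", bytes(raw))
    return outer.getvalue()
```

The helper reads only headers for encrypted entries and never writes members to disk, so it can run on a download before it is opened.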
On Windows, the malware is delivered via an obfuscated BAT file. It then executes a malicious AutoIt script. Moreover, as per the investigation, this malware communicates with a server recently registered by an individual in Russia.
Meanwhile, Malwarebytes identified the malware on macOS as a variant of AMOS, an information-stealer targeting Mac systems. To avoid detection, the malware checks for virtual machines and exits if it detects one.
The malware strain exfiltrates sensitive user data, including browser credentials, cryptocurrency wallet information, and personal details, to a server hosted in the Seychelles.
“What’s interesting with this particular scheme is how involved the original poster is, going through the thread and being ‘helpful’ to users asking questions or reporting an issue,” the investigation revealed.
In addition to this malware campaign, other emerging threats are posing significant risks to the crypto community. For instance, Scam Sniffer has uncovered that hackers are using fake Microsoft Teams sites to distribute malware to crypto users. This, in turn, leads to data breaches, credential theft, session hijacking, and wallet drains.
This comes shortly after Microsoft discovered StilachiRAT, a remote access Trojan specifically targeting crypto users. StilachiRAT steals system information, login credentials, and digital wallet data, focusing on 20 cryptocurrency wallet extensions on Chrome.
Meanwhile, Kaspersky’s previous report revealed another concerning trend: cybercriminals blackmailing YouTube influencers with false copyright claims. The blackmail forces them to promote a crypto-mining Trojan, SilentCryptoMiner, further intensifying the security risks the crypto community faces.
