Malware hidden in cracked TradingView app drains crypto wallets

Cybercriminals are using cracked versions of the popular TradingView Premium app to infect devices with malware, leading to the theft of cryptocurrency wallets.
Security researchers have warned that these fake versions, which promise free access to TradingView’s paid features, are being widely distributed through Reddit, particularly in cryptocurrency-focused forums, according to Decrypt.
Once installed, the compromised software delivers one of two information-stealing malware strains, depending on the platform: Lumma Stealer on Windows and Atomic Stealer (AMOS) on macOS. These programs extract sensitive data, including login credentials, two-factor authentication (2FA) codes, and private keys for cryptocurrency wallets.
Sophisticated social engineering tactics
The attackers go beyond just planting malware. To ensure victims install the malicious software, they use social engineering, posing as customer service representatives in online forums.
On macOS, where Apple’s security measures flag the malware, scammers guide users through disabling protections that would otherwise prevent the attack.
“What's interesting with this particular scheme is how involved the original poster is,” noted Jérôme Segura, a senior security researcher at Malwarebytes. In some cases, infected users report that their accounts were later used to impersonate them and spread further phishing attempts.
According to blockchain analytics firm Chainalysis, crypto-related cybercrime remains a growing issue, with $51 billion in illicit transactions recorded last year alone. Experts urge users to avoid downloading cracked software and to use protections such as hardware wallets and multi-factor authentication to safeguard their digital assets.