Cybersecurity experts have issued a warning regarding a new variant of malware designed to steal cryptocurrency, which is concealed within a “cracked” version of TradingView Premium, a platform that offers financial charting tools.
Scammers are actively engaging on crypto-related forums, sharing links to installers for “TradingView Premium Cracked” compatible with both Windows and Mac. This malicious software is specifically created to pilfer personal information and deplete cryptocurrency wallets. A senior security researcher noted that there have been instances where victims found their crypto wallets completely emptied, with fraudsters subsequently impersonating them to send phishing links to their contacts.
The scammers claim that the programs are free and have been illegally altered from the original versions to unlock premium features; in reality, these versions contain malicious software. The two key malware families included are Lumma Stealer and Atomic Stealer. Lumma Stealer, which has been in circulation since 2022, primarily focuses on stealing credentials from cryptocurrency wallets and two-factor authentication extensions. Atomic Stealer was first identified in April 2023 and is known for its capacity to capture sensitive data, including administrative and keychain passwords.
In addition to “TradingView Premium Cracked,” the scammers are also promoting other fraudulent trading software aimed at deceiving crypto traders on forums. A noteworthy aspect of this scheme is the scammer’s active participation—offering help to users during the download process and addressing any issues that arise.
It has been observed that the original poster goes to great lengths to appear supportive, answering questions and providing assistance, even while reminding users that they download these files at their own risk. This involvement adds a deceptive layer of trustworthiness to the scam.
The precise origin of the malware remains unclear, but it has been uncovered that the site housing these files is linked to a cleaning company in Dubai, and that the command-and-control server for the malware was registered by an individual in Russia about a week ago. It has long been recognized that cracked software frequently harbors malware, yet the allure of obtaining free software continues to draw in users.
Common indicators of these scams include prompts to disable security features to allow the software to run and files that require passwords for access. In this case, the files are found to be doubly compressed, with the final archive being password-protected. Legitimate software typically does not employ such distribution methods.
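The double-compression indicator described above can be checked without extracting or running anything. The following is an added example, not taken from the report; it assumes the archives are ZIP files (the article does not name the format), and the sample archives and file names are constructed in memory.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1          # ZIP general-purpose flag bit 0: entry is encrypted
MAX_BYTES = 64 * 1024 * 1024  # assumed cap so an oversized entry is not inflated


def triage_archive(data: bytes) -> dict:
    """Report whether a ZIP wraps another ZIP and whether the inner one is encrypted."""
    result = {"nested_archive": False, "inner_encrypted": False, "inner_names": []}
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            # Skip entries we cannot or should not read into memory.
            if info.flag_bits & ENCRYPTED_FLAG or info.file_size > MAX_BYTES:
                continue
            blob = outer.read(info)
            if not zipfile.is_zipfile(io.BytesIO(blob)):
                continue
            result["nested_archive"] = True
            # Only the inner central directory is parsed; nothing is decrypted.
            with zipfile.ZipFile(io.BytesIO(blob)) as inner:
                for entry in inner.infolist():
                    result["inner_names"].append(entry.filename)
                    if entry.flag_bits & ENCRYPTED_FLAG:
                        result["inner_encrypted"] = True
    return result


def make_sample(name: str, payload: bytes, encrypted: bool = False) -> bytes:
    """Build a constructed test ZIP; optionally mark its entry as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flags live at offset 8 of the central directory header (PK\x01\x02).
        raw[raw.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    inner = make_sample("installer.bin", b"placeholder", encrypted=True)
    print(triage_archive(make_sample("stage2.zip", inner)))
```

A result with both `nested_archive` and `inner_encrypted` set matches the distribution pattern the article describes and is a reason to quarantine the download for analysis rather than open it.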
In a recent report on crypto-related crime, a blockchain analytics firm revealed that cryptocurrency crime has evolved into a more organized sector characterized by AI-driven scams, stablecoin laundering, and well-coordinated cybercriminal groups. Estimates suggest that the total volume of illicit transactions in the past year reached around $51 billion.