Crypto traders targeted by malware disguised as TradingView

Cryptocurrency traders are being targeted by a sophisticated malware campaign disguised as a "cracked" version of TradingView Premium, a popular platform for financial market analysis.

The malware, identified as Lumma Stealer and Atomic Stealer, is distributed through Reddit posts offering free access to TradingView's premium features.

According to Malwarebytes, these malicious programs are designed to steal personal data and drain crypto wallets.

The scammers claim the software is free and unlocked from the official version, but it actually contains malware aimed at targeting cryptocurrency wallets and two-factor authentication (2FA) browser extensions.

Jerome Segura, a senior security researcher at Malwarebytes, noted that the scammer actively assists users in downloading the malware, making the scheme particularly deceptive.

"What’s interesting with this particular scheme is how involved the original poster is, going through the thread and being ‘helpful’ to users asking questions or reporting an issue," Segura said.

The malware is hosted on a website linked to a Dubai cleaning company, and the command and control server was registered by someone in Russia.

This highlights the global nature of these cyber threats and the need for vigilance among crypto users.

Common red flags include instructions to disable security software and password-protected files, which are unusual for legitimate software distributions.

"Cracked software has been prone to containing malware for decades, but the lure of a free lunch is still very appealing,"  Segura emphasised.

Blockchain analytics firms like Chainalysis report that crypto crime has become increasingly sophisticated, with $51 billion in illicit transactions in the past year, driven by AI-driven scams and cyber syndicates.