TLDR
- Security firm Malwarebytes has identified trojans concealed in pirated versions of TradingView Premium that are being circulated on crypto-focused subreddits.
- These malicious programs include Lumma Stealer and Atomic Stealer (AMOS), both set to compromise digital wallets and gather personal information.
- Individuals have discovered their cryptocurrency assets drained, with their accounts manipulated to distribute phishing links.
- Scammers are active in Reddit discussions, continuously 'assisting' users in downloading the tainted software.
- Both Mac and Windows users find themselves targeted by malware specifically crafted for each platform.
Cryptocurrency traders chasing free access to high-end trading tools are being caught in an elaborate ploy that empties wallets and captures personal credentials, according to a recent alert from Malwarebytes.
The core of this scam involves pirated copies of TradingView Premium, a well-loved tool among crypto enthusiasts. These counterfeits spread via posts in cryptocurrency Reddit communities.
The malware is built to target cryptocurrency holdings. Windows users are hit with Lumma Stealer, while Mac users get a variant known as AMOS.
Jerome Segura, a prominent researcher at Malwarebytes, shared insights into this hazard through a blog post on March 18, highlighting instances where crypto wallets were completely drained.
Attackers often follow up by using the hacked accounts to impersonate the victims and send phishing links to their contacts.
The fraudulent posts advertise the software as a hacked version of the official application that provides paid features free of charge.
The promise of free premium features is the bait, but the download links lead to unrelated sites rather than the official TradingView site.
Scammers keep their facade intact by staying actively involved in Reddit threads, where they publish these harmful links.
By engaging with user inquiries and addressing download problems, these deceitful actors cultivate trust with prospective targets.
The method of distributing this malware is suspicious and should prompt caution. Segura indicated that 'files arrive in double-zipped format, with the final zip being password-protected.'
He remarked that 'legitimate software wouldn’t need such methods for distribution,' pointing to this as a classic marker of malware.
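A defender can check a downloaded archive for the packaging Segura describes before anything is extracted or run. The following is an added example, not code from Malwarebytes or from the original article; it assumes "double-zipped" means a ZIP whose member is itself a ZIP with encrypted entries, and the file names and sample bytes are constructed.

```python
import io
import zipfile

ENCRYPTED = 0x1              # general-purpose flag bit 0: entry is encrypted
MAX_INNER = 64 * 1024 * 1024  # refuse to unpack oversized members (zip-bomb guard)

def inspect_archive(data: bytes) -> dict:
    """Inspect a ZIP held in memory; reads headers and nested ZIPs, runs nothing."""
    report = {"nested_zips": [], "locked_entries": [], "double_zipped_with_password": False}
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            if info.is_dir() or info.file_size > MAX_INNER:
                continue
            if info.flag_bits & ENCRYPTED:
                report["locked_entries"].append(info.filename)
                continue  # cannot look inside without the password
            member = outer.read(info)
            if not zipfile.is_zipfile(io.BytesIO(member)):
                continue
            report["nested_zips"].append(info.filename)
            with zipfile.ZipFile(io.BytesIO(member)) as inner:
                locked = [f"{info.filename}/{i.filename}" for i in inner.infolist()
                          if i.flag_bits & ENCRYPTED]
            report["locked_entries"] += locked
            if locked:
                report["double_zipped_with_password"] = True
    return report

def build_constructed_sample(lock_inner: bool) -> bytes:
    """Constructed test input: outer ZIP -> installer.zip -> setup.exe (placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("setup.exe", b"placeholder, not a real binary")
    inner = bytearray(buf.getvalue())
    if lock_inner:
        # zipfile cannot write encrypted entries, so set the flag bit by hand
        inner[6] |= ENCRYPTED                              # local file header flags
        inner[inner.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("installer.zip", bytes(inner))
    return outer.getvalue()

if __name__ == "__main__":
    for locked in (True, False):
        print(locked, inspect_archive(build_constructed_sample(locked)))
```

The check reads only ZIP headers for the encryption flag, so it needs no password and never executes the payload; a positive result is a reason to quarantine the file, not proof of what it contains.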
Since 2022, Lumma Stealer has been preying on cryptocurrency users, focusing on data theft from wallet applications and features for two-factor authentication.
Introduced in April 2023, Atomic Stealer (AMOS) is engineered to capture sensitive data, encompassing admin credentials and details stored within the Mac keychain.
Researchers at Malwarebytes traced the hosting site back to a cleaning company in Dubai. The malware's command-and-control server was registered in Russia shortly before the findings were disclosed.
As Segura noted, this scam capitalizes on the 'temptation of free software.' Despite the long-standing awareness of cracked software as malware conduits, the promise of free premium applications remains alluring.
Analytics from Chainalysis place this scam within wider crypto crime trends. Their 2025 Crypto Crime Report described the rise of highly professionalized crypto frauds, including AI-driven schemes.
Chainalysis reports illicit crypto dealings hit $51 billion in the previous year. This TradingView deception is one of many fraud attempts aiming at crypto asset holders.
Users should watch for warning signs when downloading software, such as prompts to disable security programs and password-protected files from unofficial sources.
Maisie, a seasoned journalist in the Crypto & Financial space, has contributed extensively to platforms like MoneyCheck.com, level-up-casino-app.com, and Computing.net, and she leads Blockfresh.com as Editor in Chief.