Beware of Cracked TradingView: A New Crypto-Stealing Trojan | 2025


Cybersecurity experts at Malwarebytes have issued a warning about a sophisticated form of malware that is targeting cryptocurrency users. This malware is disguised within a ‘cracked’ version of TradingView Premium, popular financial market charting software. Scammers are actively promoting links to these malicious installers on various crypto subreddits, claiming they offer free access to premium features. However, these versions are laced with malware designed to steal personal data and drain cryptocurrency wallets.

The Mechanics of the Scam
According to Jerome Segura, a senior security researcher at Malwarebytes, the threat has become increasingly prevalent. In a blog post dated March 18, he detailed how victims have reported having their crypto wallets emptied and subsequently being impersonated by the criminals who then sent phishing links to their contacts. This alarming trend highlights the need for vigilance among cryptocurrency users.

How the Malware Operates
The malicious software contains two distinct malware programs: Lumma Stealer and Atomic Stealer. Lumma Stealer has been in circulation since 2022 and specifically targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions. On the other hand, Atomic Stealer, which emerged in April 2023, is notorious for its ability to capture sensitive data, including administrator and keychain passwords.

Scammers’ Tactics
One of the most intriguing aspects of this scam is the level of engagement the scammers maintain with potential victims. Segura noted that the original poster of the cracked software goes to great lengths to assist users in downloading the files and resolving any issues they encounter. This deceptive friendliness can mislead users into believing they are dealing with a legitimate source.

Red Flags to Watch For
Malwarebytes emphasizes several common red flags that users should be aware of when encountering such scams. These include:

- Instructions to disable security software to allow the program to run.
- Files that are password-protected.
- Double-zipped files, a tactic often used to obscure malicious content.

In this particular case, Segura pointed out that the files are double zipped, with the final zip being password protected. This is a significant warning sign, as legitimate executables typically do not require such convoluted distribution methods.
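
A triage check for the two archive red flags above, added here as an illustration (not code from Malwarebytes or the original article): it reports whether a downloaded ZIP contains another ZIP and whether any member is marked encrypted, without extracting anything to disk. The function names, the depth and size limits, and the constructed sample archive are assumptions.

```python
import io
import zipfile

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry is encrypted
MAX_DEPTH = 3    # stop descending so deeply nested archives cannot exhaust memory
MAX_MEMBER = 50 * 1024 * 1024  # skip nested archives larger than 50 MiB


def triage_zip(data, depth=0):
    """Return {'nested_depth': int, 'encrypted': [names]} for ZIP bytes."""
    result = {"nested_depth": depth, "encrypted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED:
                # Encrypted content cannot be scanned without the password.
                result["encrypted"].append(info.filename)
                continue
            if depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER:
                continue
            inner = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(inner)):
                sub = triage_zip(inner, depth + 1)
                result["nested_depth"] = max(result["nested_depth"], sub["nested_depth"])
                result["encrypted"] += [f"{info.filename}/{n}" for n in sub["encrypted"]]
    return result


def red_flags(data):
    """Map the triage result onto the two archive red flags from the article."""
    r = triage_zip(data)
    return {"double_zipped": r["nested_depth"] >= 1,
            "password_protected": bool(r["encrypted"])}


def build_sample(encrypt_inner):
    """Constructed sample: an outer ZIP holding an inner ZIP with one harmless file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.txt", "harmless placeholder")
    raw = bytearray(inner.getvalue())
    if encrypt_inner:
        # Set the encrypted bit in the central directory entry (flags at offset 8)
        # to mimic a password-protected member; the payload itself stays plain.
        cd = raw.find(b"PK\x01\x02")
        raw[cd + 8] |= ENCRYPTED
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("installer.zip", bytes(raw))
    return outer.getvalue()
```

Either flag on its own is only a prompt for closer inspection; both together match the packaging described in this case.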

The Origin of the Malware
While the exact origin of this malware remains unclear, Malwarebytes discovered that the website hosting the malicious files is linked to a cleaning company based in Dubai. Furthermore, the command and control server for the malware was registered by an individual in Russia just a week prior to the discovery. This international aspect of the scam underscores the global nature of cybercrime.

The Broader Context of Crypto Crime
On a related note, blockchain analytics firm Chainalysis has reported that the landscape of crypto crime has evolved into a more professionalized arena. The firm highlighted trends such as stablecoin laundering and the emergence of efficient cyber syndicates. Over the past year, Chainalysis estimates that there has been a staggering $51 billion in illicit transaction volume within the cryptocurrency space.

Protecting Yourself from Crypto Scams
As the threat of crypto-stealing malware continues to grow, it is crucial for users to take proactive measures to protect their assets. Here are some essential tips:

- Always download software from official sources. Avoid cracked versions or unofficial installers.
- Keep your security software up to date to detect and block potential threats.
- Be cautious of unsolicited links or offers, especially on social media and forums.
- Use hardware wallets for storing significant amounts of cryptocurrency, as they provide an extra layer of security.
- Regularly monitor your crypto wallets for any unauthorized transactions.

In conclusion, the emergence of this new trojan disguised as a cracked version of TradingView serves as a stark reminder of the risks associated with the cryptocurrency market. As scams become more sophisticated, users must remain vigilant and informed to safeguard their digital assets.
