A latest threat is emerging from hackers who’re disseminating hazardous software to Reddit users who’re in search of free trading tools. Malwarebytes, a cybersecurity firm, has reported that scammers have installed malware in phony “cracked” versions of TradingView Premium. This malware has the potential to pilfer personal information and empty crypto wallets. Malwarebytes Senior security researcher Jerome Segura issued the warning in a blog post on March 18.
Victims Lose Crypto, Their Identity Gets Stolen
Segura reported that victims had their crypto wallets depleted and later impersonated by criminals who sent phishing links to their contacts. The attack employs a dual threat, during which two distinct malware programs, Lumma Stealer and Atomic Stealer, collaborate to infiltrate the computers of victims.
Atomic, which began operating in April 2023, targets administrator and keychain credentials, while Lumma has been operational since 2022 and concentrates on cryptocurrency wallets and two-factor authentication browser extensions.
AMOS and Lumma info stealers have recently been distributed via Reddit posts targeting Mac and Windows users within the crypto space, draining their wallets and stealing personal data. Considered one of the common lures is a cracked version of the favored trading platform TradingView.
A 🧵 pic.twitter.com/nRweAYv74x
— Malwarebytes (@Malwarebytes) March 19, 2025
Scammers Act Helpful While Spreading Malware
The way during which the perpetrators interact with potential victims is what distinguishes this scam. The fraudsters are present on cryptocurrency subreddits, where they post links to what they claim are free “cracked” versions of premium financial graphing software for each Windows and Mac.
As of today, the market cap of cryptocurrencies stood at $2.77 trillion. Chart: TradingView
Segura observed within the blog post that the unique poster’s involvement within the thread is intriguing, as they’re “helpful” to users who’re asking inquiries or reporting a problem. This extra effort to seem legitimate is instrumental in persuading a greater number of people to acquire the hazardous files.
Warning Signs Point To Malicious Software
The infected files exhibit distinct warning signs that users should pay attention to, in keeping with Malwarebytes’ evaluation. Legitimate software doesn’t employ the distribution approach to double-zipped files with password protection, which is the case with the malware.
Total crypto value received by shady addresses from 2020 to 2024. Source: Chainalysis
One other significant red flag is that the scammers steadily request that users disable their security software with a view to execute this system. The poster’s helpful comments obscure the disclaimer that users download at their very own risk, despite the proven fact that the post acknowledges this.
Crypto Crime Becomes More Skilled
Meanwhile, the attack’s trail results in unexpected locations. Malwarebytes discovered that the malware was hosted on an internet site owned by a cleansing company in Dubai, while the command and control server was registered in Russia roughly one week ago.
Chainalysis’s 2025 Crypto Crime Report describes a broader pattern during which crypto crime has “entered a professionalized era dominated by AI-driven schemes, stablecoin laundering, and efficient cyber syndicates.” This scam is a component of this pattern. The report disclosed that illicit cryptocurrency transactions reached over $50 billion within the previous 12 months.
Featured image from Gemini Imagen, chart from TradingView
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and every page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.