Skip to content
- Cybercriminals exploit Reddit to spread AMOS and Lumma malware, targeting crypto users through fake TradingView downloads.
- Fake cracked TradingView software leads to malware infections on Mac and Windows, putting cryptocurrency wallets at risk.
- Malwarebytes warns users against downloading software from unofficial sources as hackers steal credentials and digital assets.
Cybersecurity firm Malwarebytes issued a recent warning demonstrating how attackers distribute information-stealing malware specifically aimed at cryptocurrency users operating Mac and Windows systems through Reddit. The fraudulent scheme provides false entries announcing free access to premium TradingView trading software with a cracked version.
The fake posts mislead users into believing TradingView provides an unlocked version yet send them to different websites that do not contain the promised software. Multiple studies indicate that the download process of this malicious software by Mac system users leads to the automatic installation of AMOS malware that aims to steal credentials. For Windows devices, the threat is Lumma malware, which enables unauthorized code execution that empties cryptocurrency wallet contents.
Attackers Use Fake TradingView Downloads to Distribute Malware
The cybercriminals target Reddit communities that attract cryptocurrency traders as victims. The posting of links contains carefully selected information that promises free access to the Premium features of TradingView. According to Malwarebytes’ analysis, their team discovered that the malware operates from double-zip files locked with passwords, which serve as a stealth measure to detect user activity.
On macOS, the installer contains a new variant of AMOS, a sophisticated info-stealer that can detect virtual machines and steal login credentials. This Windows “Costs.tiff.bat” file utilizes an obfuscated format that enables the release of an AutoIt script through this batch command file. The script executes remote server transactions with Seychelles-based communication for data theft.
The primary mission of this malware involves stealing access to cryptocurrency wallet storage systems that belong to users. Before transferring the victim identities to their control, the attackers deploy special software to gather the victims’ credentials. Everyone involved with these scams endures severe monetary losses due to their nature as threats.
Users need to download software exclusively from official sites because experts across the cybersecurity field constantly advise this practice. TradingView operates alongside similar legitimate services that avoid distributing their premium tools through unauthorized theft-ridden versions. People who want to prevent malware attacks should always check the genuine nature of download links while using authorized official websites.
Cryptocurrency traders and online users need continuous alerts because cybercriminals improve their cyber attack strategies. The protection of users against dangerous campaigns depends on their alertness because security organizations monitor these harmful campaigns.
Also Read: Binance Takes Decisive Action: Market Maker Banned for Violating $GPS and $SHELL Trading Policies
