Scammers are using cracked copies of TradingView Premium to drain cryptocurrency wallets.
The lure is a “cracked version” of TradingView’s Premium app. The malware-infected versions of TradingView Premium are distributed through Reddit and can be found on many cryptocurrency subreddits.
Victims have reportedly had their cryptocurrency wallets emptied. The scammers then impersonated them, using their details to send out phishing attempts encouraging the victims’ contacts to download and install the infected app.
Once downloaded, whether on Mac or Windows, the program unleashes the malware it carries: Lumma Stealer on Windows and Atomic Stealer (AMOS) on Mac.
Analysis of the code shows that AMOS exfiltrates user data to a Seychelles server. The data in question includes 2FA and password information.
To bypass Mac security, the scammers pretend to be customer service and “help” users install the software. They also advise users on how to disable some security protocols that would otherwise have protected them against these types of attacks.
One attacker wrote in a Reddit post: "That 'Apple could not verify' warning is just Apple being extra cautious… Don't worry, though – a real virus on a Mac would be wild, and I've never seen one sneak through like that!" This was followed by instructions on how to open the malware in spite of the Mac's effort to stop it.
Lumma Stealer is malware dating from 2022 that targets crypto wallets, two-factor authentication extensions, and Macs.
Jérôme Segura, a senior security researcher at Malwarebytes, wrote in a blog post: "What’s interesting with this particular scheme is how involved the original poster is."
Although this is a more direct method of criminality, it is not a new crime. Chainalysis, a blockchain analytics company, estimates $51 billion in illicit transaction volume in the last 12 months.
Stacy Elliott edited this article.