Links to the “free” TradingView version hide crypto-stealing malware on Reddit


Cybersecurity researchers have discovered crypto-stealing malware distributed via the Reddit platform. Criminals lure victims with supposedly "free" access to TradingView, a popular trading data platform.

Cybersecurity solutions firm Malwarebytes Labs found that the crooks are posting links to both Windows and Mac installers infected with Lumma Stealer and a new variant of Atomic Stealer (AMOS), respectively. These malware programs are known for helping their distributors make substantial profits by stealing crypto assets.

What makes this case unique is that this time, the criminals are posting on the real Reddit website, in contrast to recent attacks that used fake Reddit pages.


In this latest attack, scammers are posting links in subreddits popular among crypto traders, claiming that they've cracked the Premium version of TradingView, which can now be accessed for free.


"We're more than a drop-off – we're crafting a hub for traders chasing free tools and solid chats. This cracked TradingView is just the start," the criminals wrote in their post, adding that Reddit users should be aware they are installing this software "at your own risk."

Moreover, in the same thread, they addressed the issue of Mac flagging the malware, claiming that this happens because "this TradingView is a cracked version."

"Don't worry, though – a real virus on a Mac would be wild, and I've never seen one sneak through like that!" the criminals wrote, explaining how their victims could bypass Mac's warning.

Malwarebytes Labs also found that the website hosting the files belongs to a Dubai cleaning company, whose vulnerable site appears to have been compromised and used to stage the downloads.

"Both Mac and Windows files are double-zipped, with the final zip being password-protected. For comparison, a legitimate executable would not need to be distributed in such a fashion," the researchers said, adding that the malware command and control server was registered about a week ago by someone in Russia.
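The packaging the researchers describe (a zip inside a zip, with the innermost archive password-protected so that mail and download scanners cannot look at the executable) is itself a usable detection signal. The script below is an added example, not code from Malwarebytes or from the report: it hand-assembles a constructed sample archive with that shape (Python's zipfile module cannot write password-protected entries, so the "encrypted" general-purpose bit is set by hand on a dummy payload; the file names and contents are invented), then walks any zip recursively, recording nesting depth and every entry whose encryption flag is set, and flags the combination the report calls out.

```python
import io
import struct
import zipfile
import zlib

ZIP_ENCRYPTED = 0x0001  # general-purpose bit 0: entry is password-protected


def build_stored_zip(name: str, data: bytes, encrypted: bool = False) -> bytes:
    """Hand-assemble a single-entry ZIP (compression method 0, "stored").

    Only the encryption flag is set; the payload bytes are left untouched.
    That is enough for the scanner below, which, like a real archive scanner,
    sees the flag before it could ever see a password. (Sample builder only.)"""
    nm = name.encode()
    flags = ZIP_ENCRYPTED if encrypted else 0
    crc = zlib.crc32(data) & 0xFFFFFFFF
    # Local file header (30 bytes) + name + data
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0,
                        crc, len(data), len(data), len(nm), 0) + nm + data
    # Central directory entry (46 bytes) + name
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0,
                          0, 0, crc, len(data), len(data), len(nm),
                          0, 0, 0, 0, 0, 0) + nm
    # End of central directory record (22 bytes)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central), len(local), 0)
    return local + central + eocd


def walk_archive(blob: bytes, depth: int = 1, max_depth: int = 5) -> dict:
    """Recursively inspect a ZIP held in memory.

    Returns {"max_depth", "encrypted", "entries"}; nested names are joined
    with '>'. Encrypted entries cannot be opened without the password, so
    they are recorded and the walk stops there. max_depth bounds the
    recursion so a deliberately deep archive cannot exhaust the scanner."""
    result = {"max_depth": depth, "encrypted": [], "entries": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            result["entries"].append(info.filename)
            if info.flag_bits & ZIP_ENCRYPTED:
                result["encrypted"].append(info.filename)
                continue
            if depth >= max_depth:
                continue
            data = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(data)):
                inner = walk_archive(data, depth + 1, max_depth)
                result["max_depth"] = max(result["max_depth"], inner["max_depth"])
                result["encrypted"] += [f"{info.filename}>{n}" for n in inner["encrypted"]]
                result["entries"] += [f"{info.filename}>{n}" for n in inner["entries"]]
    return result


def looks_like_password_wrapped_dropper(blob: bytes) -> bool:
    """The shape from the report: zip inside zip, innermost password-protected."""
    r = walk_archive(blob)
    return r["max_depth"] >= 2 and bool(r["encrypted"])


# Constructed sample, not the real lure: a dummy "installer" marked encrypted,
# wrapped in a second, plain zip, as the report describes.
INNER = build_stored_zip("TradingView_Setup.exe", b"MZ" + b"\x00" * 62, encrypted=True)
SAMPLE_DOUBLE_ZIP = build_stored_zip("TradingView.zip", INNER, encrypted=False)

# A plain single-level zip with no encryption, for comparison.
SAMPLE_PLAIN_ZIP = build_stored_zip("readme.txt", b"hello", encrypted=False)

if __name__ == "__main__":
    print(walk_archive(SAMPLE_DOUBLE_ZIP))
    print("suspicious:", looks_like_password_wrapped_dropper(SAMPLE_DOUBLE_ZIP))
    print("suspicious:", looks_like_password_wrapped_dropper(SAMPLE_PLAIN_ZIP))
```

Run it on a real download by reading the file's bytes into `walk_archive`; a hit on both conditions is a reason to hold the file for analysis rather than hand the password to the user. The heuristic is deliberately narrow: plenty of legitimate nested archives exist, and plenty of encrypted ones, but a nested archive whose innermost layer is the only password-protected one is exactly the layout the researchers say no legitimate installer needs.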

"We have heard of victims whose crypto wallets have been emptied and who were subsequently impersonated by the criminals, who then sent phishing links to their contacts," the cybersecurity team concluded. No estimate of potential losses was provided.
