How scammers steal the crypt through TradingView.

By Evtuoil | Cryptographic News | 16 Apr 2025


North Korean hackers are not the only danger for cryptocurrency fans. The cybersecurity company Malwarebytes has warned about a new type of malicious software that steals the crypt. According to sources, it is hidden inside the "hacked" version of TradingView Premium.

c88ffc2b708aa49412e728629a457034f49c2f7a41c168ba560a07de49ede32f.jpg

Scammers post links to the installers of "TradingView Premium Cracked" on the cryptocurrency forums of Reddit. These links are interesting because TradingView is one of the most popular tools for traders.

Jerome Segura, senior security analyst at Malwarebytes, commented on the situation.

We have information about victims whose crypto wallets were emptied. The scammers then forged the identities of these victims and sent malicious links to their contacts.

0dcb3e01f14a509bc3e527b62e3cd3f0c77b60f03086647be0e9b5e94cc180d1.jpg 

(A post by scammers on Reddit with the aim of stealing cryptocurrencies).

The attackers claim that using the link you can find a hacked version of the program with premium features that are available in real TradingView only by subscription.

In fact, the malicious client contains two malware. These are Lumma Stealer and Atomic Stealer.

Lumma Stealer is an information theft program that has been in existence since 2022 and is primarily aimed at crypto wallets and browser extensions for two-factor authentication (2FA).

Atomic Stealer was first discovered in April 2023 and is known for its ability to capture administrator passwords and keys in password storage.

In addition to "TradingView Premium Cracked", scammers also offer other fake versions of trading software.

Segura noted that one of the interesting features of the attackers' scheme is that they actively establish contact with the victim and help with the installation of the client.

What's interesting about this particular scheme is how involved the author of the Reddit post is, who is actively involved in the discussions. It "helps" users who ask questions or report problems.

The malware's origin could not be determined precisely, but Malwarebytes experts discovered that the file hosting site belongs to a cleaning company from Dubai. At the same time, the malware management and control server was registered by someone from the Russian Federation about a week ago.

Apparently, user activity really hinders hackers, who continue to make efforts to launder coins. However, it will not be possible to fully prevent this. Therefore, users should still consider storing scripts using hardware wallets.

 

Be careful and please take care of yourself!

How do you rate this article?

29


Evtuoil
Evtuoil

Writer, poet, philosopher. I love our WORLD and nature. I'm interested in cryptocurrency.


Cryptographic News
Cryptographic News

All about the crypto market

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.