Beware! The Crypto Scammers Are Here to Steal Your Wallets! 💰😱

Ah, dear reader! A most sinister threat has emerged from the shadowy corners of the internet, where hackers, those modern-day sorcerers, are casting their nefarious spells upon unsuspecting Reddit users in search of free trading tools. Malwarebytes, a valiant knight in the realm of cybersecurity, has raised the alarm, revealing that these rogues have cunningly embedded malware within counterfeit “cracked” versions of TradingView Premium. This malicious software, like a thief in the night, is poised to pilfer personal information and leave crypto wallets as barren as a desert. Our brave Malwarebytes senior security researcher, Jerome Segura, has issued this warning in a blog post dated March 18, a date that shall live in infamy! 🏴‍☠️

Victims Lose Crypto, Their Identity Gets Stolen

Segura, with a furrowed brow, reported that victims found their crypto wallets emptied, only to be impersonated by dastardly criminals who sent phishing links to their unsuspecting contacts. This attack is a dual threat, a veritable tag team of malware programs, Lumma Stealer and Atomic Stealer, working in unholy harmony to infiltrate the computers of their victims. What a delightful duo! 🎭

Atomic, the newcomer on the scene since April 2023, has taken to targeting administrator and keychain credentials, while Lumma, the seasoned veteran since 2022, focuses on cryptocurrency wallets and two-factor authentication browser extensions. A match made in malware heaven!

AMOS and Lumma info stealers have recently been distributed via Reddit posts targeting Mac and Windows users in the crypto space, draining their wallets and stealing personal data. One of the common lures is a cracked version of the popular trading platform TradingView.


— Malwarebytes (@Malwarebytes) March 19, 2025

Scammers Act Helpful While Spreading Malware

Ah, the art of deception! The way these perpetrators engage with their potential victims is what sets this scam apart. They lurk in cryptocurrency subreddits, posting links to what they claim are free “cracked” versions of premium financial graphing software for both Windows and Mac. How generous of them! 🎁

Segura noted in his blog post that the original poster’s involvement in the thread is quite intriguing, as they play the role of the “helpful” guide to users who dare to ask questions or report issues. This extra effort to appear legitimate is instrumental in persuading a greater number of individuals to download these hazardous files. Bravo, dear scammers, bravo! 👏

Warning Signs Point To Malicious Software

According to Malwarebytes’ analysis, the infected files exhibit distinct warning signs that users should be aware of. Legitimate software is not distributed as double-zipped, password-protected files, which is precisely how this malware arrives. A classic blunder! 🕵️‍♂️
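For defenders who want to check a download for that packaging pattern before anyone opens it, here is an added triage sketch (not code from Malwarebytes or from the original article). It flags a ZIP that wraps another archive and contains password-protected entries; the heuristic, the function names and the sample builder are assumptions made for illustration, and the sample input is constructed, not real malware.

```python
import io
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry is password-protected


def triage(data, depth=0, max_depth=3):
    """Return findings for a ZIP given as bytes: nesting and encryption."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a ZIP (or a format this sketch cannot open)
    with zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED:
                findings.append(f"depth {depth}: {info.filename} is password-protected")
                continue  # contents are unreadable without the password
            if info.filename.lower().endswith((".zip", ".7z", ".rar")):
                findings.append(f"depth {depth}: nested archive {info.filename}")
                if depth < max_depth and info.file_size <= 50_000_000:
                    findings += triage(zf.read(info), depth + 1, max_depth)
    return findings


def looks_like_lure(data):
    """True when an archive wraps another archive and something is encrypted."""
    found = triage(data)
    return any("nested" in f for f in found) and any("password" in f for f in found)


def build_sample(nested, encrypted):
    """Constructed test input: a tiny ZIP, optionally wrapped and flagged."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.txt", "constructed sample, not malware")
    raw = bytearray(inner.getvalue())
    if encrypted:  # set the encryption flag in the central directory header
        raw[raw.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED
    if not nested:
        return bytes(raw)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("installer.zip", bytes(raw))
    return outer.getvalue()
```

A hit is a reason to quarantine the file and look closer, not a verdict: the check reads only archive metadata and never extracts or runs anything.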

Another significant red flag is that the scammers often ask users to disable their security software in order to run the program. The post itself acknowledges that users download at their own risk, yet the poster’s “helpful” comments cleverly obscure that disclaimer. How thoughtful of them! 🙄

Crypto Crime Becomes More Professional

Meanwhile, the trail of this attack leads to the most unexpected of locations. Malwarebytes discovered that the malware was hosted on a website owned by a cleaning company in Dubai, while the command and control server was registered in Russia just a week ago. Quite the international affair! 🌍

Chainalysis’s 2025 Crypto Crime Report describes a broader pattern in which crypto crime has “entered a professionalized era dominated by AI-driven schemes, stablecoin laundering, and efficient cyber syndicates.” This scam is but a mere cog in this grand machine. The report disclosed that illicit cryptocurrency transactions reached over $50 billion in the previous year. A staggering sum, indeed!


2025-03-20 19:44