
Experts Warn of Malware-Infested TradingView Premium Software
Malicious actors are promoting a compromised version of TradingView Premium containing malware capable of stealing personal data and users’ crypto assets, according to experts from Malwarebytes.
“We have heard of victims whose crypto wallets were emptied, after which criminals sent phishing links on their behalf,” noted the firm’s senior security researcher, Jérôme Segura.
According to him, the compromised installation files are distributed through cryptocurrency sections on Reddit, masquerading as a “free” cracked version of the official TradingView app for financial charting.
In their Reddit thread, the perpetrators claimed the software is compatible with Mac and Windows and includes “all premium features.” They even offered “technical support” to some eager downloaders.
In one instance, a supposed hacker advised a user to ignore macOS warnings, dismissing them as “Apple’s excessive caution” and a reaction to the cracked version of the app lacking proper digital signatures.
“Don’t worry, a real virus on Mac is a rarity, I’ve never seen them slip through like this,” they assured a trader on Reddit.
According to Malwarebytes, the files offered by the perpetrators contained the Lumma Stealer and Atomic Stealer malware. The former is an infostealer targeting crypto wallets and two-factor authentication data in browser applications. The latter, known since 2023, steals passwords stored in the OS.
The installation packages were hosted on a server of a cleaning company in Dubai, while the control server was “registered by someone from Russia.”
Experts noted that such “free” versions of licensed software often come with malicious files and advised caution when considering such offers.
Back in March, researchers from Microsoft Incident Response discovered a new remote access trojan, StilachiRAT, aimed at stealing cryptocurrencies and user credentials.