Beware: Compromised TradingView Premium Software Spreading Malware to Steal Users’ Data and Crypto Assets

Malicious actors are distributing a compromised version of TradingView Premium that contains malware capable of stealing users’ personal data and cryptocurrency assets. This was reported by experts from Malwarebytes.

“We’ve encountered cases where individuals had their crypto wallets drained, after which the perpetrators sent phishing links using the victims’ identities,” remarked Jerome Segura, a senior security researcher at the firm.

According to him, compromised installation files are being circulated in cryptocurrency sections on Reddit, disguised as a “free” hacked version of the official TradingView app for financial chart analysis.

In their Reddit thread, the criminals claimed that the software is compatible with both Mac and Windows and includes “all premium features.” They even offered “technical support” to those interested in downloading it.

In one instance, an alleged hacker advised a user to disregard macOS warnings about the hacked application lacking the proper digital signatures, dismissing them as “Apple’s excessive caution.”

“Don’t worry, a real virus on Mac is a rare occurrence; I have never seen one sneak in like that,” assured the trader on Reddit.

Malwarebytes observed that the files offered by the attackers contained the Lumma Stealer and Atomic Stealer viruses. The former is an info-stealer that targets cryptocurrency wallets and browser application two-factor authentication data. The latter has been known since 2023 for stealing passwords saved in operating systems.

The installers were hosted on a cleaning company’s server in Dubai, while the command server is “registered by someone from the Russian Federation.”

Experts noted that similar “free” versions of licensed software often carry malware and advised caution regarding such offers.

In March, researchers from Microsoft Incident Response discovered a new remote access Trojan, StilachiRAT, aimed at stealing cryptocurrencies and user credentials.