Malware Hidden in Unofficial TradingView App Targets Crypto Wallets

A new wave of crypto theft has emerged, with scammers distributing malware-laden versions of the TradingView Premium app to unsuspecting users. Disguised as a legitimate “cracked” version of the popular trading platform, this malicious software has been circulating on Reddit, particularly within communities focused on cryptocurrency trading.
Security researchers have identified the threat, noting its ability to empty crypto wallets and enable further phishing attacks by impersonating victims. Jérôme Segura, a senior security researcher at Malwarebytes, highlighted the unusual level of involvement from the original distributors, describing their hands-on approach as a standout feature of this scheme.
The fraudulent app, available for both Mac and Windows, unleashes distinct malware depending on the operating system. On Windows, it deploys Lumma Stealer, a known threat since 2022 that targets cryptocurrency wallets and two-factor authentication browser extensions. For Mac users, the attack comes via Atomic Stealer, also known as AMOS, which sends stolen data, including passwords and authentication details, to a server based in the Seychelles.
Once installed, the malware not only compromises the victim’s financial assets but also uses their identity to trick contacts into downloading the infected software, amplifying the scam’s reach. Reports from affected users confirm that entire crypto wallets have been drained, leaving them vulnerable to additional exploitation.

Scammers Exploit Trust with Fake Support

A key element of this operation involves direct engagement from the scammers, who pose as customer service representatives to assist with installation. On Mac systems, where security measures typically block unverified apps, attackers have been guiding users through steps to disable protective protocols.
In one Reddit post, a scammer dismissed Apple’s verification warning as overly cautious, reassuring users that bypassing it was safe and claiming genuine Mac viruses were rare. This tactic has proven effective in convincing users to lower their defenses, allowing the malware to take hold. The combination of technical deception and social engineering underscores the sophistication of this campaign, which preys on trust within online communities.

While this approach stands out for its direct interaction, crypto-related crime is far from uncommon. According to blockchain analytics firm Chainalysis, illicit transactions totaled $51 billion over the past year, reflecting the persistent challenge of securing digital assets. The TradingView scam fits into this broader pattern, exploiting the popularity of trading tools and the allure of free premium software.
For users, the promise of accessing paid features at no cost has proven to be a costly lure, with losses extending beyond individual wallets to networks of contacts ensnared by phishing attempts. Security experts advise caution when downloading software from unofficial sources, emphasizing the need to verify authenticity and maintain robust system protections. As this threat continues to evolve, awareness remains a critical defense against such targeted attacks.