Reddit Malicious Code Alert: Fake TradingView
- Attackers are using social engineering to trick users into downloading malicious software.
- Malware aimed at digital asset traders is being spread through Reddit, cybersecurity experts warn.
- According to a cybersecurity firm, malicious versions of the popular trading platform TradingView are being distributed on Reddit. These versions contain malware designed to infect users' systems.
Malware Targeting Digital Asset Traders Spreading Through Reddit
The attackers are posting messages enticing users with free access to premium features of TradingView. These posts include download links that lead to Lumma Stealer for Windows users and Atomic Stealer (AMOS) for Mac users.
Both are potent information-stealing malware programs designed to target digital asset wallets.
AMOS and Lumma info stealers have recently been distributed via Reddit posts targeting Mac and Windows users in the crypto space, draining their wallets and stealing personal data. One of the common lures is a cracked version of the popular trading platform TradingView.
Malwarebytes (@Malwarebytes), March 19, 2025
The attackers are employing social engineering techniques to build trust with potential victims. They engage directly with users in the comments, attempting to reassure them.
In one instance, when a user raised security concerns, the attacker dismissed them, saying, "If there is a real virus in the Mac, it is a very rare work."
The infected installation file was uploaded to the website of a cleaning company headquartered in Dubai, rather than a common file-sharing platform. Analysts suggest this indicates the attackers may have hacked the website or are operating it to directly upload and update code through their servers.
Another red flag is the file distribution method. Both the Windows and Mac versions were distributed as double-compressed ZIP files with password protection.
Technical Analysis: Targeting Digital Asset Wallets
Analysis indicates that the malware targets digital asset users. The Mac malware is a new variant of Atomic Stealer with enhanced analysis avoidance, designed to prevent security researchers from analyzing its behaviour.
The malicious code transmits stolen data to a server located in Seychelles via a POST request. This server is used to collect sensitive data, including authentication information, wallet addresses, and login credentials.
The malware steals credentials for digital asset wallets, personal keys, and authentication information, allowing the attackers to transfer funds to their own wallets.
Security Warnings and Precautions
Experts advise digital asset users to be aware of several warning signs to avoid falling victim to similar malware campaigns.
A major red flag is being asked to disable security programs before running software. This is a common tactic used by malicious actors and should never be followed.
Password-protected compressed files are another warning sign. While legitimate software distributors may use password protection, malware distributors often use it to prevent security scanners from analyzing the contents.
In this campaign, both the Windows and Mac malware were distributed as double-compressed, password-protected files, likely to avoid detection.
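A triage check for the packaging pattern described above, as an added example that is not from the original article or the cited security firm: it walks a ZIP in memory, follows nested archives, and reports entries whose encryption flag is set. The function names, the limits and the archive produced by `build_sample` are assumptions made for illustration; the sample holds placeholder bytes only.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
ENCRYPTED_BIT = 0x1                  # general-purpose flag bit 0: entry is encrypted
MAX_DEPTH = 3                        # assumed limit; stops runaway nesting
MAX_MEMBER_SIZE = 50 * 1024 * 1024   # assumed limit; skip very large members


def inspect_zip(data, depth=1):
    """Return (max_nesting_depth, encrypted_entry_names) for a ZIP blob."""
    max_depth, encrypted = depth, []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_BIT:
                # Unreadable without the password: record it and move on.
                encrypted.append(info.filename)
                continue
            if info.is_dir() or info.file_size > MAX_MEMBER_SIZE or depth >= MAX_DEPTH:
                continue
            member = zf.read(info)
            if member.startswith(ZIP_MAGIC):
                inner_depth, inner_enc = inspect_zip(member, depth + 1)
                max_depth = max(max_depth, inner_depth)
                encrypted += [f"{info.filename}/{name}" for name in inner_enc]
    return max_depth, encrypted


def is_suspicious(data):
    """True for the pattern in this campaign: a nested ZIP with encrypted content."""
    depth, encrypted = inspect_zip(data)
    return depth >= 2 and bool(encrypted)


def build_sample(nested, encrypted):
    """Constructed test archive; the encryption flag is patched in by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.bin", b"constructed placeholder bytes")
    inner = bytearray(buf.getvalue())
    if encrypted:
        cd = inner.rfind(b"PK\x01\x02")   # central directory file header
        inner[cd + 8] |= ENCRYPTED_BIT    # flag field is at offset 8
    if not nested:
        return bytes(inner)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("inner.zip", bytes(inner))
    return outer.getvalue()
```

A hit means the archive could not be scanned before delivery, not that it is malicious, so treat it as a reason to hold the file for closer inspection.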
This case highlights the risk of asset theft if digital asset users ignore security best practices and download software from untrusted sources. Users should avoid clicking on suspicious links or running unknown programs and ensure their security software is up to date.
Malware Targeting Digital Asset Traders: A Reddit Threat
This article provides a comprehensive overview of a recent malware campaign targeting digital asset traders, spreading through Reddit. Understanding the threats and knowing how to protect yourself is critical in the digital asset space.
What is the current threat to digital asset traders on Reddit?
Cybersecurity experts have warned about a malware campaign that targets digital asset traders. Attackers are spreading malicious software through Reddit, specifically using fake versions of the popular trading platform TradingView.
How are attackers spreading malware on Reddit?
Attackers are using social engineering techniques to lure users into downloading malware. They post messages on Reddit offering free access to premium features of TradingView, including download links that lead to malicious software like Lumma Stealer and Atomic Stealer (AMOS).
What is the purpose of Lumma Stealer and Atomic Stealer (AMOS)?
Both Lumma Stealer (for Windows) and Atomic Stealer (AMOS, for Mac) are potent data-stealing malware programs designed to target digital asset wallets. They aim to steal sensitive information such as credentials, authentication details, and wallet keys.
What are the social engineering tactics used by attackers?
Attackers engage directly with users in comments, attempting to build trust. They might dismiss security concerns, claiming that a real virus is “a very rare work.” The infected files are also sometimes hosted on compromised websites, making them appear more legitimate.
How does the malware steal data from users?
The malware targets digital asset wallet credentials, personal keys, and authentication information. It transmits the stolen data to a server located in Seychelles, which collects the sensitive data.
What are the red flags to watch out for?
Several warning signs can help digital asset users avoid becoming victims of this malware campaign:
* Requests to Disable Security Software: Never disable your security programs to run software.
* Password-Protected Compressed Files: Be wary of double-compressed, password-protected files from untrusted sources.
* Suspicious Download Links: Avoid clicking on links or running programs from unknown sources.
* Compromised Websites: Pay close attention to the source of the download. Check for unusual website domains or compromised sites.
* Unsolicited Offers: Be cautious of offers for free access to premium features, as these are often a lure.
How to protect yourself from this type of malware?
* Keep Security Software Updated: Ensure your antivirus and security software are up to date.
* Avoid Suspicious Links: Never click suspicious links or download files from unknown sources.
* Be Skeptical: Be wary of unsolicited offers.
* Enable Two-Factor Authentication (2FA): Always use 2FA on your digital asset accounts to protect your funds.
* Download from Official Sources: Only download software from the official website or trusted sources.
* Scan Downloads: Scan all downloads with an antivirus program before running them.
Summary of Key Malware Characteristics
| Feature | Lumma Stealer (Windows) | Atomic Stealer (AMOS, Mac) |
| --- | --- | --- |
| Target | Digital Asset Wallets | Digital Asset Wallets |
| Distribution | Reddit Posts | Reddit Posts |
| File Type | Double-Compressed ZIP Files | Double-Compressed ZIP Files |
| Data Stolen | Credentials, Wallet Information | Credentials, Wallet Information |
| Purpose | Steal Digital Assets | Steal Digital Assets |
| Social Engineering | Free Features of TradingView | Free Features of TradingView |
