Cybersecurity firm Malwarebytes has warned of a new form of crypto-stealing malware hidden inside a “cracked” version of TradingView Premium, software that provides charting tools for financial markets. 

The scammers are lurking on crypto subreddits, posting links to Windows and Mac installers for “TradingView Premium Cracked,” which is laced with malware aimed at stealing personal data and draining crypto wallets, Jerome Segura, a senior security researcher at Malwarebytes, said in a March 18 blog post.

“We have heard of victims whose crypto wallets had been emptied and were subsequently impersonated by the criminals who sent phishing links to their contacts,” he added.

As part of the snare, the fraudsters claim the programs are free and have been cracked directly from their official version, unlocking premium features. It actually contains two malware programs, Lumma Stealer and Atomic Stealer.

Lumma Stealer is an information stealer that’s been around since 2022 and primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions. Atomic Stealer was first discovered in April 2023 and is known for its ability to capture data such as administrator and keychain passwords.

Besides “TradingView Premium Cracked,” the scammers have offered other fraudulent trading programs to target crypto traders on Reddit. 

Segura said one of the interesting aspects of the scheme is that the scammer also takes the time to assist users in downloading the malware-ridden software and help resolve any issues with the download.

“What’s interesting with this particular scheme is how involved the original poster is, going through the thread and being ‘helpful’ to users asking questions or reporting an issue,” Segura said.

“While the original post gives a heads-up that you are installing these files at your own risk, further down in the thread, we can read comments from the Original poster.”