Heads up, crypto traders! Scammers are now preying on users by distributing hacked versions of TradingView Premium, and it’s a fast track to emptying your crypto wallets.
This isn’t just any fake app; it’s sneakily disguised as a “cracked” version of the legitimate TradingView Premium. These infected downloads are making the rounds on platforms like Reddit, often popping up in cryptocurrency-focused subreddits.
Unfortunately, victims are reporting the devastating experience of watching their entire crypto wallets get drained. But it gets worse – these scammers are then impersonating the victims themselves, using their stolen details to launch phishing attacks and trick even more people into downloading the infected app.
Once this malicious software is on your device, whether it’s a Mac or Windows computer, it immediately kicks into action, deploying malware. Windows users are hit with Lumma Stealer, while Mac users get targeted by Atomic Stealer (AMOS).
Security experts who analyzed the code discovered that the AMOS attack stealthily sends user data to a server hosted in the Seychelles. Worryingly, this stolen data includes everything from your passwords to your sensitive two-factor authentication information.
To bypass the strong security measures on Macs, these scammers are going the extra mile by directly engaging with users. Posing as helpful customer service, they “assist” victims in installing the fake software, even providing instructions on how to disable crucial security protections that would normally block these kinds of attacks.
In one alarming Reddit post, an attacker brazenly wrote: “That ‘Apple could not verify’ warning is just Apple being extra cautious… Don’t worry, though – a real virus on a Mac would be wild, and I’ve never seen one sneak through like that!” This deceptive reassurance was followed by clear steps on how to override the Mac’s security and install the malware anyway.
Both stealers are dangerous. AMOS targets Macs and steals personal logins, while Lumma Stealer, an older threat active since 2022, specifically focuses on cryptocurrency wallets and those handy two-factor authentication browser extensions we rely on.
Jérôme Segura, a senior security researcher at Malwarebytes, highlighted the dedicated approach of these scammers in a recent blog post, noting: “What’s interesting with this particular scheme is how involved the original poster is.”
While this scam is a bit more direct than usual, this type of cybercrime is sadly nothing new in the crypto world. Blockchain analytics firm Chainalysis estimates a staggering $51 billion in illicit transaction volume just in the past year.
Edited by Stacy Elliott.