Scammers are using cracked versions of TradingView Premium to drain crypto wallets.
The app is disguised as a “cracked” version of the real TradingView Premium app. Downloads of the malware-infused versions are being distributed via Reddit and have often been found in cryptocurrency subreddits.
Victims have reported having their entire crypto wallets emptied. The scammers then impersonated them, using their details to send out phishing attempts encouraging the victims’ contacts to download and install the infected app.
Once downloaded on either Mac or Windows, the software unleashes the bundled malware: Lumma Stealer on Windows and Atomic Stealer (AMOS) on Mac.
Analysis of the code shows that the AMOS attack exfiltrates user data to a server hosted in the Seychelles. This data includes passwords and 2FA information.
In order to bypass security on Macs, the scammers have been actively engaging with users, posing as customer service to “help” them get the software installed. This includes advice on how to disable certain security protections that would otherwise protect them from these sorts of attacks.
One attacker wrote in a Reddit post: "That 'Apple could not verify' warning is just Apple being extra cautious… Don't worry, though - a real virus on a Mac would be wild, and I've never seen one sneak through like that!" This was followed by instructions on how to open the malware in spite of the Mac's attempts to block it.
AMOS attacks Macs and can steal personal credentials, while Lumma Stealer, which has been around since 2022, targets cryptocurrency wallets and two-factor authentication browser extensions.
Jérôme Segura, a senior security researcher at Malwarebytes, wrote in a blog post: "What’s interesting with this particular scheme is how involved the original poster is."
Although this hands-on approach is slightly more direct than usual, this type of crime is not new. Blockchain analytics firm Chainalysis estimates there was $51 billion in illicit transaction volume in the past year.
Edited by Stacy Elliott.