English
Arabic
Turkish
German
French
Spanish
Portuguese
Korean
Russian
Ukrainian
Vietnamese
Thai
Chinese (Simplified)
Indonesian
Italian
Greek
Japanese
Cybercriminals are spreading malware disguised as a free version of TradingView Premium, luring unsuspecting traders into installing software that drains their crypto wallets. Cybersecurity firm Malwarebytes has raised the alarm about this emerging threat, warning that scammers are actively targeting crypto subreddits to distribute malicious links.
Crypto Malware Spreading Through Reddit
According to Malwarebytes researcher Jerome Segura, fraudsters are embedding malware in Windows and Mac installers for a so-called “TradingView Premium Cracked” software. The malicious files, designed to steal sensitive information, have already led to financial losses for traders who downloaded them. Victims reported that their crypto wallets were emptied, and criminals even impersonated them to send phishing links to their contacts.
The deception is well-crafted, as scammers claim that the software is a fully unlocked version of TradingView Premium, offering advanced charting tools for free. However, it actually contains two forms of crypto-stealing malware: Lumma Stealer and Atomic Stealer.
How the Malware Works
Lumma Stealer, which has been in circulation since 2022, is notorious for targeting cryptocurrency wallets and compromising two-factor authentication (2FA) browser extensions. Meanwhile, Atomic Stealer, first detected in April 2023, specializes in harvesting administrator credentials and keychain passwords from infected systems.
Beyond TradingView, scammers have also been promoting other fraudulent trading programs, demonstrating a broader effort to exploit crypto traders. What sets this campaign apart is the level of engagement from the scammer. According to Segura, the original poster actively responds to user inquiries, offering assistance to ensure the malware is successfully downloaded and installed. This deceptive tactic builds trust while increasing the likelihood of infection.
Suspicious Origins and Red Flags
While the exact source of the malware remains unclear, Malwarebytes traced the hosting website back to a Dubai-based cleaning company. Additionally, the malware’s command and control server was registered in Russia just a week prior to the discovery.
Cracked software has long been a breeding ground for malware, yet many traders are still lured in by the promise of premium features for free. Malwarebytes advises users to be cautious of key warning signs, such as instructions to disable security software or files that are password-protected. In this case, the malware-laden files were double-zipped, with the final archive being password-protected—a tactic rarely seen in legitimate software distributions.
Rising Threats in Crypto Crime
The rise of AI-driven scams and increasingly sophisticated cybercrime tactics are reshaping the crypto landscape. According to blockchain analytics firm Chainalysis, the professionalization of crypto crime has led to $51 billion in illicit transactions in the past year alone. Their 2025 Crypto Crime Report highlights how stablecoin laundering and coordinated cyber syndicates are now dominant forces in online financial fraud.
As crypto adoption continues to grow, so do the risks associated with security breaches. Traders should remain vigilant, avoiding cracked software and verifying the authenticity of tools before installation. Cybersecurity awareness remains one of the most effective defenses against evolving threats in the digital asset space.
