New Reddit Scam Infects Users with Crypto-Stealing Malware Via Fake Trading Software


Cybersecurity experts have uncovered a new wave of crypto-stealing malware being distributed through Reddit, targeting users of TradingView, a popular platform for financial market analysis.

In a rush? Here are the quick facts:

Victims download malware disguised as a cracked TradingView with premium features.
Malware variants, Lumma Stealer and AMOS, target Windows and Mac users.
Infected users’ crypto wallets are drained, and attackers send phishing links to contacts.

Criminals are luring victims with promises of free access to TradingView’s premium features, but the downloads are infected with malicious software designed to steal cryptocurrency.
According to cybersecurity firm Malwarebytes Labs, the attackers are posting links in Reddit communities frequented by crypto traders.

These links lead to infected Windows and Mac installers, carrying Lumma Stealer and a new variant of Atomic Stealer (AMOS), respectively. Both malware types are notorious for stealing crypto assets, enabling criminals to profit significantly.

Unlike previous attacks that used fake Reddit pages, this campaign operates on the official Reddit platform. The scammers claim to offer a cracked version of TradingView, warning users they install it “at your own risk.”

In one post, they wrote, “We’re more than a drop-off – we’re crafting a hub for traders chasing free tools and solid chats. This cracked TradingView is just the start,” as reported by Cybernews.

To reassure victims, the criminals address concerns about Mac security warnings, stating, “Don’t worry, though – a real virus on a Mac would be wild, and I’ve never seen one sneak through like that!” They provide instructions on bypassing these warnings, further ensnaring unsuspecting users, as reported by Cybernews.

Once installed, the malware collects sensitive user data and sends it to a remote server. Victims have reported their crypto wallets being drained, and some were later impersonated by the attackers, who used their identities to send phishing links to others.

While the exact scale of losses remains unclear, the scheme highlights the risks of downloading cracked software.

Further investigation revealed that the malware files are hosted on the website of a Dubai cleaning company.

“Both Mac and Windows files are double-zipped, with the final zip being password-protected. For comparison, a legitimate executable would not need to be distributed in such a fashion,” researchers explained.

“Cracked software has been prone to containing malware for decades, but clearly the lure of a free lunch is still very appealing,” the researchers concluded.

They advised users to avoid disabling security software, downloading password-protected files, or trusting dubious platforms. This incident serves as a stark reminder to stay vigilant online, especially when offers seem too good to be true.
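
A triage check for the packaging the researchers describe (a ZIP inside a ZIP, with the innermost archive password-protected), added here as an example and not taken from Malwarebytes or the original article. It reads only ZIP metadata in memory and never extracts to disk; the file names, the size cap and the sample archives are constructed assumptions.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1                # ZIP general-purpose flag bit 0: entry is encrypted
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap on a member's declared size


def inspect(blob, depth=1, max_depth=4):
    """Walk nested ZIPs in memory; return (deepest level, encrypted entries)."""
    deepest, encrypted = depth, []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED:
                encrypted.append((depth, info.filename))  # opaque to scanners
                continue
            if info.is_dir() or depth >= max_depth or info.file_size > MAX_MEMBER:
                continue
            data = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(data)):
                child_depth, child_enc = inspect(data, depth + 1, max_depth)
                deepest = max(deepest, child_depth)
                encrypted += child_enc
    return deepest, encrypted


def is_suspicious(blob):
    """True when an archive nested inside another has encrypted entries."""
    _, encrypted = inspect(blob)
    return any(level >= 2 for level, _ in encrypted)


def make_zip(name, payload, encrypted=False):
    """Constructed sample data. zipfile cannot write encrypted entries, so the
    flag is set by patching the local and central headers; the payload itself
    stays plain, which is enough for a metadata-only check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    if encrypted:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            flags = struct.unpack_from("<H", data, pos + off)[0]
            struct.pack_into("<H", data, pos + off, flags | ENCRYPTED)
    return bytes(data)


if __name__ == "__main__":
    inner = make_zip("Setup.exe", b"placeholder", encrypted=True)
    outer = make_zip("inner.zip", inner)
    print(inspect(outer), is_suspicious(outer))
```

A hit means the payload cannot be inspected by mail or endpoint scanners before the user types the password, which is the point of the packaging; it is a reason to quarantine and review, not proof of malware.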
