Beware of ‘cracked’ TradingView — it’s a crypto-stealing trojan
Cybersecurity firm Malwarebytes has warned of a new form of crypto-stealing malware hidden inside a “cracked” version of TradingView Premium, software that provides charting tools for financial markets. The scammers are...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Cybersecurity firm Malwarebytes has warned of a new form of crypto-stealing malware hidden inside a “cracked” version of TradingView Premium, software that provides charting tools for financial markets.
The scammers are lurking on crypto subreddits, posting links to Windows and Mac installers for “TradingView Premium Cracked,” which is laced with malware aimed at stealing personal data and draining crypto wallets, Jerome Segura, a senior security researcher at Malwarebytes, said in a March 18 blog post.
“We have heard of victims whose crypto wallets had been emptied and were subsequently impersonated by the criminals who sent phishing links to their contacts,” he added.
Fraudsters claim the programs are free and have been cracked directly from their official version, but they are actually riddled with malware. Source: Malwarebytes
As part of the snare, the fraudsters claim the programs are free and have been cracked directly from their official version, unlocking premium features. It actually contains two malware programs, Lumma Stealer and Atomic Stealer.
Lumma Stealer is an information stealer that’s been around since 2022 and primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions. Atomic Stealer was first discovered in April 2023 and is known for its ability to capture data such as administrator and keychain passwords.
Besides “TradingView Premium Cracked,” the scammers have offered other fraudulent trading programs to target crypto traders on Reddit.
Segura said one of the interesting aspects of the scheme is that the scammer also takes the time to assist users in downloading the malware-ridden software and help resolve any issues with the download.
“What’s interesting with this particular scheme is how involved the original poster is, going through the thread and being ‘helpful’ to users asking questions or reporting an issue,” Segura said.
“While the original post gives a heads-up that you are installing these files at your own risk, further down in the thread, we can read comments from the Original poster.”
In this case, the scammer sticks around to assist users in downloading the malware-ridden software. Source: Malwarebytes
The origin of the malware wasn’t clear, but Malwarebytes found that the website hosting the files belonged to a Dubai cleaning company, and the malware command and control server had been registered by someone in Russia roughly one week ago.
Segura says that cracked software has been prone to containing malware for decades, but the “lure of a free lunch is still very appealing.”
Common red flags to watch out for with these types of scams are instructions to disable security software so the program can run and files that are password-protected, according to Malwarebytes.
Related: Microsoft warns of new remote access trojan targeting crypto wallets
In this instance, Segura says the “files are double zipped, with the final zip being password protected. For comparison, a legitimate executable would not need to be distributed in such fashion.”
Blockchain analytics firm Chainalysis reported in its 2025 Crypto Crime Report that crypto crime has entered a professionalized era dominated by AI-driven scams, stablecoin laundering, and efficient cyber syndicates. In the past year, the analytics firm estimates there was $51 billion in illicit transaction volume.
Magazine: Ridiculous ‘Chinese Mint’ crypto scam, Japan dives into stablecoins: Asia Express
Why this matters
This cryptocurrency story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on CointelegraphRelated market context
Bitcoin slides toward $63,000 as Coinbase premium stays negative for a record 60 days
Bitcoin fell near $63,000 as chip stocks sold off, the Coinbase premium stayed negative a record 60 days, and ETF flows remain thi...
Three signs the US economy is on firmer footing, and what it means for crypto
US GDP growth hit 2.1% in Q1 2026, consumer spending climbed 0.7%, and recession odds fell to 25%. Here's what it means for crypto...
Florida man arrested for stealing $220K in crypto via Steam malware scheme
A 21-year-old Florida man was arrested for allegedly stealing $220K in crypto by embedding malware in Steam games, infecting 8,000...
Coinbase Bitcoin Premium Index negative for record 60 days
Coinbase Bitcoin Premium Index negative for 60 days. Ethereum reaching $10,000 by December 31, 2026 at 1.9% YES. The post Coinbase...
Injective files with SEC in push for onchain securities
Injective filed Form TA-1 with the SEC on July 16, 2026, seeking transfer agent registration to give on-chain ownership records le...
Across Protocol confirms Solana bridge attack, says user funds are safe
Across Protocol confirmed an attack on its Solana bridge deployment, disabling deposits while assuring users their funds remain sa...