Crypto News: Traders Hit by Malware on Reddit via Fake TradingView



In recent crypto news, cryptocurrency traders are being targeted in a malware campaign spreading through Reddit, according to a new warning from cybersecurity firm Malwarebytes.

The campaign distributes trojanized versions of the popular trading platform TradingView, with separate variants built to compromise Windows and Mac systems.

The malware operators are posting in cryptocurrency trading subreddits, offering supposedly “cracked” versions of TradingView Premium that claim to provide free access to premium features.

These posts include download links to infected software packages containing Lumma Stealer for Windows users and Atomic Stealer (AMOS) for Mac users.

These are two powerful malware families designed to steal sensitive data with a particular focus on cryptocurrency wallets.

Social Engineering Tactics Used on Reddit

The hackers have developed a social engineering approach on Reddit, where they not only create initial posts offering the “cracked” software but actively engage with potential victims in the comment threads.

This interaction includes reassuring responses to users who express security concerns.

In one example shared by Malwarebytes, when the subject of security was raised, the original poster commented that “a real virus on a Mac would be wild.”

Source: Malwarebytes

The malicious downloads are hosted on a website belonging to a Dubai cleaning company, rather than on a common file-sharing service such as Mega.

Malwarebytes researchers note this unusual choice may indicate the attackers have compromised the site or have direct control over it.

This allows them to “upload and update their code directly via a server they control.”

Another red flag identified in the campaign is the distribution method of the malicious files.

Both the Windows and Mac versions are distributed as double-zipped archives with password protection.

Crypto News: Technical Analysis Reveals Powerful Data-Stealing Capabilities

Malwarebytes’ analysis of both malware variants shows capabilities designed specifically to target cryptocurrency users.

The Mac version uses a new variant of Atomic Stealer (AMOS). It has additional anti-analysis features to evade detection and prevent security researchers from studying its behavior.

Malwarebytes’ examination of the Mac malware’s exfiltration mechanism showed it sending stolen information via HTTP POST requests to a server at IP address 45.140.13.244, located in the Seychelles.

This server likely serves as the collection point for harvested credentials, wallet information, and other sensitive data.
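A detection engineer reading the paragraph above would want to turn it into a hunt. The following is an added example, not part of Malwarebytes’ write-up: it scans constructed web-proxy log lines for the pattern described (HTTP POST traffic to the reported collection server) and, as a generalization, for unusually large POSTs to any bare-IP host, since the next campaign will use a different address. The log format (space-separated timestamp, client IP, method, URL, bytes sent), the sample lines and the 100 KB threshold are assumptions for this example; the only indicator taken from the article is 45.140.13.244.

```python
"""Hunt proxy logs for POST-based exfiltration to a known collection server.

Added example (not Malwarebytes' tooling). Log format and sample lines below
are constructed for illustration; the single IOC comes from the article.
"""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Indicator named in the article; a real watchlist is fed from threat intel.
IOC_IPS = {ipaddress.ip_address("45.140.13.244")}

# Assumed threshold: POSTs this large to a bare-IP host are worth a look
# even when the address is not yet on a watchlist.
LARGE_POST_BYTES = 100_000


def parse_line(line: str) -> Optional[dict]:
    """Parse '<ts> <client> <method> <url> <bytes_sent>'; None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, sent = parts
    try:
        sent_bytes = int(sent)
    except ValueError:
        return None
    return {
        "ts": ts,
        "client": client,
        "method": method.upper(),
        "url": url,
        "host": urlsplit(url).hostname,  # strips scheme, port and path
        "sent": sent_bytes,
    }


def classify(rec: dict) -> Optional[str]:
    """Return a verdict label for one parsed record, or None if benign."""
    host_ip = None
    if rec["host"]:
        try:
            host_ip = ipaddress.ip_address(rec["host"])
        except ValueError:
            host_ip = None  # a DNS name, not a literal IP
    if host_ip is not None and host_ip in IOC_IPS:
        return "ioc-match"
    if (rec["method"] == "POST" and host_ip is not None
            and rec["sent"] >= LARGE_POST_BYTES):
        return "large-post-to-bare-ip"
    return None


def hunt(lines):
    """Return (timestamp, client, verdict, host) for every suspicious line."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the hunt
        verdict = classify(rec)
        if verdict:
            hits.append((rec["ts"], rec["client"], verdict, rec["host"]))
    return hits


# Constructed sample log: one IOC hit, one large POST to another bare IP,
# ordinary browsing, and a malformed line.
SAMPLE_LOG = """\
2025-03-18T10:01:02Z 10.0.0.5 GET https://www.tradingview.com/chart/ 0
2025-03-18T10:02:11Z 10.0.0.5 POST https://www.reddit.com/api/comment 412
2025-03-18T10:03:40Z 10.0.0.5 POST http://45.140.13.244/ 184320
2025-03-18T10:04:01Z 10.0.0.9 POST http://203.0.113.7:8080/upload 250000
2025-03-18T10:04:30Z 10.0.0.9 GET http://203.0.113.7/index.html 0
this line is not a log record
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG.splitlines()):
        print(*hit)
```

The second rule deliberately ignores POSTs to DNS names: legitimate sites post large bodies all day, whereas a stealer that hard-codes its server as a literal IP, as this one did, stands out on that feature alone.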

Both variants are designed to steal sensitive information from the victim’s computer, with a particular focus on cryptocurrency wallet credentials, private keys, and authentication data.

Once this information is extracted, attackers can use it to transfer funds from the victim’s cryptocurrency holdings to wallets under their control.

Protective Measures and Warning Signs for Crypto Users

Malwarebytes has given several key warning signs that cryptocurrency traders should watch for to avoid falling victim to this and similar malware campaigns.

The cybersecurity firm emphasizes that “cracked software has been prone to containing malware for decades. However, clearly the lure of a free lunch is still very appealing” to many users.

One of the most important red flags is instructions to disable security software before running the program.

The researchers warn users to never “disable the antivirus that’s trying to protect you.” Such a request is almost always a sign of malicious intent.

Password-protected archives represent another warning sign. Legitimate software distributors occasionally use password protection for specialized purposes.

However, in malware campaigns this technique is primarily used to prevent security scanners from analyzing the contents.

In this campaign, both the Windows and Mac payloads came as double-zipped, password-protected archives for exactly that reason: a scanner that cannot open the inner archive cannot inspect the executable inside it.
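The packaging trick described here and in the earlier section on the double-zipped archives is cheap to detect at the gateway, even though the payload itself cannot be read. The following is an added example, not Malwarebytes’ tooling: a small triage routine that walks a ZIP archive, reports entries whose header carries the encryption flag, recurses into any plain archive nested inside, and returns a verdict. The sample archives are constructed in memory, and because Python’s `zipfile` cannot write encrypted entries, the helper `_mark_encrypted` sets the encryption bit by patching the ZIP headers directly; the file names inside the samples are invented for illustration.

```python
"""Triage a ZIP for password-protected entries and archives-within-archives.

Added example (not Malwarebytes' tooling). Sample archives are built in
memory and the encryption flag is set by patching headers, since zipfile
cannot write encrypted entries.
"""
import io
import struct
import zipfile

# General-purpose bit 0 in a ZIP entry header means "entry is encrypted".
ENCRYPTED_FLAG = 0x1
# Assumed list of names worth recursing into or flagging as nested archives.
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z")


def triage_zip(data: bytes, depth: int = 0, max_depth: int = 4) -> dict:
    """Describe an archive: entry count, encrypted entries, nested archives.

    Plain nested ZIPs are recursed into (bounded by max_depth). Encrypted
    entries cannot be opened without the password, so they are reported by
    name only and never read.
    """
    report = {"depth": depth, "entries": 0, "encrypted": [], "nested": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            report["entries"] += 1
            if info.flag_bits & ENCRYPTED_FLAG:
                report["encrypted"].append(info.filename)
                continue
            if (info.filename.lower().endswith(ARCHIVE_SUFFIXES)
                    and depth < max_depth):
                inner = zf.read(info)
                if inner.startswith(b"PK\x03\x04"):  # local file header magic
                    report["nested"].append(
                        (info.filename, triage_zip(inner, depth + 1, max_depth)))
    return report


def is_suspicious(report: dict) -> bool:
    """True for the campaign's pattern: an encrypted entry at any depth."""
    if report["encrypted"]:
        return True
    return any(is_suspicious(sub) for _, sub in report["nested"])


def _build_zip(entries: dict) -> bytes:
    """Build an uncompressed ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def _mark_encrypted(data: bytes) -> bytes:
    """Set the encryption bit in every local header (flags at +6) and every
    central-directory record (flags at +8). Test data only: the payload is
    not actually encrypted, but readers will see the flag and demand a key."""
    out = bytearray(data)
    for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = out.find(sig)
        while pos != -1:
            flags = struct.unpack_from("<H", out, pos + flag_off)[0]
            struct.pack_into("<H", out, pos + flag_off, flags | ENCRYPTED_FLAG)
            pos = out.find(sig, pos + 4)
    return bytes(out)


# Constructed samples: a benign archive, and the double-zipped layout with a
# password-protected inner archive wrapping a fake installer.
BENIGN = _build_zip({"README.txt": b"hello", "tool.py": b"print('hi')"})
INNER = _mark_encrypted(_build_zip({"TradingView.exe": b"MZ" + b"\x00" * 32}))
DOUBLE_ZIPPED = _build_zip({"TradingView_Premium.zip": INNER})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("double-zipped", DOUBLE_ZIPPED)):
        rep = triage_zip(blob)
        print(label, "suspicious" if is_suspicious(rep) else "clean", rep)
```

The verdict rests on the header flag rather than on the contents, which is the point: a mail or download gateway does not need the password to notice that a "software download" arrives as an archive inside an archive with encryption turned on, and that combination alone justifies quarantining it for a human look.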
