Hey there! If you’re active on Reddit, especially in crypto or trading communities, you might want to pay close attention to this. On March 19, 2025, Malwarebytes shared a critical warning on X (Twitter) about a sneaky scam targeting users with fake offers for a cracked version of TradingView, a popular platform for analyzing financial markets like stocks, forex, and cryptocurrencies. Let’s break it down in simple terms and explore what’s happening.

What’s the Scam About?

Scammers are posting on Reddit subreddits frequented by cryptocurrency traders, promising free lifetime access to TradingView’s premium features. These posts look tempting, offering tools like real-time data, advanced indicators, and multi-chart layouts—all for free. But here’s the catch: the download links they provide for Windows and Mac users aren’t what they seem. Instead of getting a legit cracked version, users are downloading malware known as AMOS (Atomic Stealer) for Mac and Lumma Stealer for Windows.

These info-stealers are nasty—they can drain your cryptocurrency wallets, steal personal data like passwords and login credentials, and even impersonate you to spread more phishing links. It’s a double whammy for anyone in the crypto space, where security is already a big concern.

How Does It Work?

The scam starts with a Reddit post (like the one Malwarebytes highlighted) that looks legit. It includes download links for both Windows and Mac versions of TradingView, hosted on a random site unrelated to TradingView itself—think a cleaning company’s website in Dubai, which is pretty suspicious! Here’s what happens next:

• For Windows Users: The file is a double-zipped, password-protected archive. When you unpack it, an obfuscated BAT file (a type of Windows script) runs, launching a malicious AutoIt script. This script sends your data to a server in the Seychelles via a POST request, exposing your sensitive info.
• For Mac Users: The installer is a new variant of AMOS, a macOS stealer. It’s smart enough to detect if it’s running in a virtual machine (VM) and stops if it is, making it harder to analyze. Once it runs, it steals your data the same way.

Both versions are designed to look like harmless software but are packed with malware to siphon off your information.

Why Target TradingView?

TradingView is a go-to tool for traders, especially in the crypto world, because it offers powerful charting and analysis features. Its premium version isn’t cheap, so the promise of a “cracked” free version is super appealing. Scammers know this and use it as bait to lure in unsuspecting users. This isn’t new—cracked software has been a common way to spread malware for years—but it’s especially dangerous in communities where people are handling valuable digital assets like cryptocurrencies.

How to Stay Safe

Malwarebytes, thankfully, has your back. Their software can detect and block these stealers on both Mac and Windows. But here are some general tips to protect yourself:

• Avoid Cracked Software: If something seems too good to be true—like free premium access to a paid tool—it probably is. Stick to official sources for downloads.
• Check the Source: Be skeptical of links on forums or social media, especially if they lead to unrelated or shady websites.
• Use Security Software: Tools like Malwarebytes can catch malware before it does damage. Keep your antivirus updated!
• Be Wary of Password-Protected Files: Legit software doesn’t usually come double-zipped with passwords. That’s a red flag.
• Educate Yourself: Learn about common scams in your community, like those targeting crypto traders on Reddit.

You can read more about this specific scam in Malwarebytes’ detailed research here.

What’s Next?

This isn’t just a one-off incident. Malwarebytes and other researchers, like @0xApollyon and @Poovarasan006, have noted that this scam isn’t limited to Reddit—it’s also popping up on YouTube, Instagram, and other platforms. The malware involved, like Lumma and AMOS, isn’t new, but it’s evolving, and scammers are getting creative with their lures.

If you’ve been targeted or think you might have downloaded something suspicious, act fast. Disconnect from the internet, run a full system scan with trusted security software, and consider reaching out to experts for help recovering any lost funds or data.

Final Thoughts

This TradingView malware scam is a stark reminder to stay vigilant online, especially in communities like crypto trading where big money is at stake. Scammers are getting smarter, but with a little caution and the right tools, you can keep your data and wallets safe. Share this info with your trading buddies on Reddit or X—awareness is your best defense!

If you want to dive deeper into cybersecurity trends or learn more about protecting your digital assets, check out resources from Malwarebytes here or follow experts like @Malwarebytes on X for real-time updates.