
Cybercriminals are using Reddit to spread the dangerous AMOS and Lumma Stealer malware, luring victims with fake versions of TradingView. The main goal is to steal cryptocurrency wallets via malicious files disguised as useful software.
The attackers create posts on cryptocurrency subreddits, offering “free lifetime access” to TradingView. They use fake websites and convincing answers to trick victims into downloading the infected archives.
– On Windows, Lumma Stealer is deployed via the malicious Costs.tiff.bat file and contacts a command-and-control server in Russia.
– On macOS, AMOS (Atomic Stealer) is distributed; it checks for virtual machines to avoid analysis.
After infecting a device, the malware steals cryptocurrency wallet data and user accounts, and distributes phishing links to the victim's contacts.
AMOS and Lumma Stealer are well-known data-stealing programs that have been active since 2023. Fraudsters regularly use social networks and forums to distribute malware, including in the crypto community. Such campaigns have already emptied hundreds of wallets around the world.
Users should be wary of free software offers, especially if they are asked to disable antivirus or enter a password to unzip files. Software should be downloaded only from official sources, and cryptocurrency wallets should be protected with two-factor authentication.
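The two warning signs mentioned above, a file name like Costs.tiff.bat and an archive that needs a password to unzip, can be checked before anything is extracted. The following Python sketch is an added example, not code from the campaign or from any vendor; the extension lists are assumptions, and the sample archive is constructed with harmless text content.

```python
import io
import zipfile

# Extensions that make a file look like a harmless document or image (assumed list).
DECOY_EXTS = {".tiff", ".tif", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".txt"}
# Extensions that Windows executes or hands to a script host (assumed list).
EXEC_EXTS = {".bat", ".cmd", ".exe", ".scr", ".com", ".js", ".vbs", ".ps1", ".lnk", ".msi"}


def has_deceptive_double_extension(name):
    """True for names such as 'Costs.tiff.bat': decoy extension, then an executable one."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    parts = base.split(".")
    if len(parts) < 3:
        return False
    return "." + parts[-2] in DECOY_EXTS and "." + parts[-1] in EXEC_EXTS


def triage_archive(zip_bytes):
    """Return (entry_name, reason) findings for a ZIP held in memory, without extracting it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.append((info.filename, "password-protected entry"))
            if has_deceptive_double_extension(info.filename):
                findings.append((info.filename, "deceptive double extension"))
    return findings


def build_sample_archive():
    """Constructed sample: harmless text stored under the file names used for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Installer/Costs.tiff.bat", "rem constructed sample, no payload\n")
        zf.writestr("Installer/readme.txt", "constructed sample\n")
        zf.writestr("Installer/chart.v2.png", "constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_archive(build_sample_archive()):
        print(f"{name}: {reason}")
```

A password-protected entry is flagged because security tools cannot inspect its contents until the user supplies the password.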