Cybersecurity firm Malwarebytes warns of a new form of crypto-stealing malware hidden in "cracked" TradingView
Cybersecurity firm Malwarebytes has warned of a new form of crypto-stealing malware being disguised as "cracked" versions of TradingView Premium, software that provides charting tools for financial markets.
The scammers were hanging out on crypto subreddits, posting links to Windows and Mac installers for "TradingView Premium Cracked," which was actually laced with malware to steal personal data and drain crypto wallets, Jerome Segura, a senior security researcher at Malwarebytes, said in a March 18 blog post.
"We have heard of victims whose crypto wallets had been emptied and were subsequently impersonated by the criminals who sent phishing links to their contacts," Segura added.
The fraudsters claimed the programs were free and had been cracked directly from their official version, but they were actually riddled with malware. Source: Malwarebytes
The programs unlocked premium features of the software and could be used to chart various financial markets, such as crypto and forex. The Fibonacci levels on the chart appear to indicate a strong rally in BTC/USD.
"The HEAT is on and we're about to explode higher!" one user commented on the post.
"I hope they don't shut down the server and we can continue to get these types of programs," another user added.
As part of the snare, the fraudsters claimed the programs were free and had been cracked directly from their official version. But the programs actually contained two malware programs, Lumma Stealer and Atomic Stealer.
Lumma Stealer was an information stealer that had been around since 2022 and was said to mainly target cryptocurrency wallets and two-factor authentication (2FA) browser extensions. Atomic Stealer was first discovered in April 2023 and was known for being able to capture data such as administrator and keychain passwords.
Besides "TradingView Premium Cracked," the scammers offered other fraudulent trading programs to target crypto traders on Reddit.
Segura said one of the interesting aspects of the scheme was that the scammer also took the time to assist users in downloading the malware-ridden software and help resolve any issues with the download.
"What’s interesting with this particular scheme is how involved the original poster is, going through the thread and being ‘helpful’ to users asking questions or reporting an issue," Segura said.
"While the original post gives a heads-up that you are installing these files at your own risk, further down in the thread, we can read comments from the Original poster."
In this case, the scammer sticks around to assist users in downloading the malware-ridden software. Source: Malwarebytes
The origin of the malware wasn't clear, but Malwarebytes found that the website hosting the files belonged to a Dubai cleaning company, and the malware command and control server had been registered by someone in Russia roughly one week ago.
Segura says that cracked software has been prone to containing malware for decades, but the "lure of a free lunch is still very appealing."
Common red flags to watch out for with these types of scams are instructions to disable security software so the program can run and files that are password-protected, according to Malwarebytes.
In this instance, Segura says the "files are double zipped, with the final zip being password protected. For comparison, a legitimate executable would not need to be distributed in such fashion."
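A triage check for the red flag Segura describes, a zip inside a zip with the inner one password-protected (an added example, not code from Malwarebytes or the original article). The function names and sample file names are assumptions, and the constructed sample only sets the encryption flag because Python's standard library cannot write encrypted zips.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry is password-protected

def nested_encrypted_zips(data, max_inner=50 * 1024 * 1024):
    """Names of members of the zip in `data` that are themselves zip
    archives holding at least one password-protected entry."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            if info.is_dir() or info.flag_bits & ENCRYPTED:
                continue  # an encrypted outer member cannot be inspected
            if info.file_size > max_inner:
                continue  # skip oversized members instead of unpacking them
            blob = outer.read(info)
            if not zipfile.is_zipfile(io.BytesIO(blob)):
                continue
            with zipfile.ZipFile(io.BytesIO(blob)) as inner:
                if any(m.flag_bits & ENCRYPTED for m in inner.infolist()):
                    hits.append(info.filename)
    return hits

def make_zip(members, encrypted=False):
    """Constructed sample builder. zipfile cannot write encrypted archives,
    so `encrypted` only sets the flag bit in each central directory record;
    the payload bytes stay plain."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        for name, content in members.items():
            z.writestr(name, content)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # The 22-byte end record stores the central directory offset at +16.
        (pos,) = struct.unpack_from("<I", raw, len(raw) - 6)
        while raw[pos:pos + 4] == b"PK\x01\x02":
            name_len, extra_len, comment_len = struct.unpack_from("<HHH", raw, pos + 28)
            (flags,) = struct.unpack_from("<H", raw, pos + 8)
            struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED)
            pos += 46 + name_len + extra_len + comment_len
    return bytes(raw)

# Constructed sample: outer zip -> stage2.zip (flagged encrypted) + docs.zip (plain)
LOCKED = make_zip({"installer.bin": b"constructed placeholder"}, encrypted=True)
PLAIN = make_zip({"readme.txt": b"constructed text"})
SAMPLE = make_zip({"stage2.zip": LOCKED, "docs.zip": PLAIN, "note.txt": b"x"})

if __name__ == "__main__":
    print(nested_encrypted_zips(SAMPLE))
```

A hit is a prompt to look closer, not a verdict: the flag shows only that the inner archive's contents are hidden from scanners until someone types the password.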
According to a recent report from blockchain analytics firm Chainalysis, crypto crime has entered a professionalized era.
The firm's analysis of on-chain data showed that in 2023, there was an estimated $51 billion in illicit transaction volume. A majority of this activity could be attributed to a few large-scale cybercrime syndicates that were increasingly engaging in hybrid and convergent operations.