Cybersecurity firm Malwarebytes warns of a new form of crypto-stealing malware hidden in "cracked" TradingView
Cybersecurity firm Malwarebytes has warned of a new form of crypto-stealing malware being disguised as "cracked" versions of TradingView Premium, software that provides charting tools for financial markets.
The scammers were hanging out on crypto subreddits, posting links to Windows and Mac installers for "TradingView Premium Cracked," which was actually laced with malware to steal personal data and drain crypto wallets, Jerome Segura, a senior security researcher at Malwarebytes, said in a March 18 blog post.
"We have heard of victims whose crypto wallets had been emptied and were subsequently impersonated by the criminals who sent phishing links to their contacts," Segura added.
The fraudsters claimed the programs were free and had been cracked directly from their official version, but they were actually riddled with malware. Source: Malwarebytes
The programs unlocked premium features of the software and could be used to chart various financial markets, such as crypto and forex. The Fibonacci levels on the chart appear to indicate a strong rally in BTC/USD.
"The HEAT is on and we're about to explode higher!" one user commented on the post.
"I hope they don't shut down the server and we can continue to get these types of programs," another user added.
As part of the snare, the fraudsters claimed the programs were free and had been cracked directly from their official version. But the programs actually contained two malware programs, Lumma Stealer and Atomic Stealer.
Lumma Stealer was an information stealer that had been around since 2022 and was said to mainly target cryptocurrency wallets and two-factor authentication (2FA) browser extensions. Atomic Stealer was first discovered in April 2023 and was known for being able to capture data such as administrator and keychain passwords.
Besides "TradingView Premium Cracked," the scammers offered other fraudulent trading programs to target crypto traders on Reddit.
Segura said one of the interesting aspects of the scheme was that the scammer also took the time to assist users in downloading the malware-ridden software and help resolve any issues with the download.
"What’s interesting with this particular scheme is how involved the original poster is, going through the thread and being ‘helpful’ to users asking questions or reporting an issue," Segura said.
"While the original post gives a heads-up that you are installing these files at your own risk, further down in the thread, we can read comments from the Original poster."
In this case, the scammer sticks around to assist users in downloading the malware-ridden software. Source: Malwarebytes
The origin of the malware wasn't clear, but Malwarebytes found that the website hosting the files belonged to a Dubai cleaning company, and the malware command and control server had been registered by someone in Russia roughly one week ago.
Segura says that cracked software has been prone to containing malware for decades, but the "lure of a free lunch is still very appealing."
Common red flags to watch out for with these types of scams are instructions to disable security software so the program can run, and files that are password-protected, according to Malwarebytes.
In this instance, Segura says the "files are double zipped, with the final zip being password protected. For comparison, a legitimate executable would not need to be distributed in such fashion."
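A triage check for the packaging pattern Segura describes (an archive inside an archive, with the innermost one password protected), added here as an example; it is not code from Malwarebytes. The file names, the size limit and the sample archive are assumptions constructed for the illustration.

```python
import io
import zipfile

ENCRYPTED = 0x1                 # ZIP general-purpose flag bit 0: entry needs a password
MAX_MEMBER = 50 * 1024 * 1024   # assumed cap on unpacked member size (zip-bomb guard)


def triage(data, depth=0, max_depth=3):
    """Return red-flag strings for a ZIP given as bytes, following nested ZIPs."""
    flags = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return flags
    with zf:
        if any(i.flag_bits & ENCRYPTED for i in zf.infolist()):
            # Contents cannot be scanned without the password, so stop here.
            return [f"password-protected archive at depth {depth}"]
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER or depth >= max_depth:
                continue
            member = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(member)):
                flags.append(f"nested archive {info.filename!r} at depth {depth}")
                flags += triage(member, depth + 1, max_depth)
    return flags


def constructed_sample():
    """Constructed input: a ZIP holding a ZIP whose entry is marked encrypted."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", b"placeholder bytes, not a real program")
    raw = bytearray(inner.getvalue())
    # Flags field sits 8 bytes into the central-directory header (PK\x01\x02).
    raw[raw.index(b"PK\x01\x02") + 8] |= ENCRYPTED
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("stage2.zip", bytes(raw))
    return outer.getvalue()


if __name__ == "__main__":
    for line in triage(constructed_sample()):
        print("RED FLAG:", line)
```

A download that reports both flags matches the distribution style quoted above and deserves a closer look before anything in it is run.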
According to a recent report from blockchain analytics firm Chainalysis, crypto crime has entered a professionalized era.
The firm's analysis of on-chain data showed that in 2023, there was an estimated $51 billion in illicit transaction volume. A majority of this activity could be attributed to a few large-scale cybercrime syndicates that were increasingly engaging in hybrid and convergent operations.