Summary
Incident Overview: Threat actors are publishing fake Reddit posts claiming to offer a cracked version of TradingView Premium. The download links in these posts lead users to malware-infected software.
Details:
- Target Platform: TradingView (a popular financial trading and cryptocurrency analysis platform).
- Distribution Method: Fake Reddit posts offering a "cracked" version of TradingView Premium.
- Malware Types Involved:
  - Vidar Stealer: A malicious program that steals browser passwords, session cookies, and crypto wallet keys from Windows users.
  - AMOS Stealer: A similar malware targeting macOS systems, which also extracts sensitive information such as credentials and cryptocurrency wallets.
Technical Details:
- Windows Malware (Vidar):
  - The download is a large ZIP file containing wextract.exe, which spawns cmd.exe with delayed variable expansion.
  - Once executed, Vidar steals browser passwords, session cookies, and crypto wallet keys from browsers such as Chrome and Firefox.
- macOS Malware (AMOS):
  - The download is a disk image (DMG) that mounts with a TradingView-branded
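The Windows delivery chain above (a wextract.exe self-extractor spawning cmd.exe with delayed variable expansion) is a process relationship a defender can look for in endpoint telemetry. The script below is an added example written for this summary; it is not code from the original article or from Cyber Security News. It runs over constructed process-creation records whose field names (pid, image, parent_image, command_line) are assumptions loosely modelled on Sysmon process-creation events, and it flags a cmd.exe child of wextract.exe, raising severity when the command line enables delayed expansion via cmd's /V:ON switch.

```python
"""Detection sketch for the wextract.exe -> cmd.exe chain described above.

Added example, not code from the original page or the reporting it summarises.
Field names below are assumptions (Sysmon-like process-creation fields);
all sample records are constructed and do not come from a real incident.
"""
import re
from dataclasses import dataclass

# cmd.exe enables delayed variable expansion with /V or /V:ON; /V:OFF must not match.
DELAYED_EXPANSION = re.compile(r"(?i)(^|\s)/V(:ON)?(\s|$)")

# Constructed sample events (assumed Sysmon-style fields).
SAMPLE_EVENTS = [
    {"pid": 4120,
     "image": r"C:\Users\u\Downloads\TradingView_Premium\wextract.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Users\u\Downloads\TradingView_Premium\wextract.exe"'},
    {"pid": 4188,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Users\u\Downloads\TradingView_Premium\wextract.exe",
     "command_line": r'cmd.exe /V:ON /c "set a=b && echo !a!"'},
    {"pid": 5001,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"cmd.exe /c dir"},
    {"pid": 5100,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Temp\installer\wextract.exe",
     "command_line": r"cmd.exe /V:OFF /c echo hi"},
]


@dataclass
class Finding:
    pid: int
    severity: str
    reason: str


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Flag cmd.exe processes whose parent is wextract.exe.

    Severity is 'high' when delayed variable expansion is enabled on the
    command line (the behaviour described in the summary), else 'medium'.
    """
    findings = []
    for ev in events:
        if basename(ev["image"]) != "cmd.exe":
            continue
        if basename(ev["parent_image"]) != "wextract.exe":
            continue
        if DELAYED_EXPANSION.search(ev["command_line"]):
            findings.append(Finding(
                ev["pid"], "high",
                "wextract.exe spawned cmd.exe with delayed variable expansion (/V:ON)"))
        else:
            findings.append(Finding(
                ev["pid"], "medium", "wextract.exe spawned cmd.exe"))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.severity}] pid={f.pid}: {f.reason}")
```

The parent/child check alone is noisy, since wextract.exe is a legitimate Windows self-extractor, so the rule only escalates when the delayed-expansion switch is present; pairing it with the download location (a user's Downloads folder, an archive name referencing TradingView) is a sensible next filter in a real deployment.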
Read the full article at Cyber Security News