Inauthentic Reddit posts offering free access to the popular charting platform TradingView have been published from multiple aged and compromised accounts to distribute the Vidar and Atomic macOS Stealer payloads to Windows and macOS systems, respectively, as part of an ongoing campaign, Cyber Security News reports.

At least five subreddits were found to contain the posts, which claim that TradingView has been reverse engineered and its license checks removed, and which include separate Windows, macOS, and macOS 15 download links, according to a report from Hexastrike analysts. Clicking the Windows link downloads an archive file containing a purposefully bloated executable, which deploys the Receipt.gif batch script that reconstructs the Vidar infostealer. The macOS link, on the other hand, downloads a disk image that shows a typical app installer with TradingView branding.

Defending against the threat requires adding the identified distribution domains to web proxy and DNS blocklists, said researchers.