Hackers Use Fake TradingView Premium Posts on Reddit to Deliver Vidar and AMOS Stealers

Published On: April 7, 2026

Imagine finding a golden ticket online – free premium access to a tool you use daily, like TradingView. For many traders and financial analysts, TradingView Premium is an invaluable asset, offering advanced charting tools, real-time data, and exclusive features. This perceived “golden ticket” is precisely what threat actors are leveraging on Reddit to deliver potent infostealer malware, specifically Vidar and AMOS. This ongoing campaign targets unsuspecting users with promises of illicit free access, turning a desirable perk into a pathway for data theft and compromise.

The Deceptive Lure: Fake TradingView Premium Offers

The attackers behind this campaign exhibit a cunning understanding of their target audience. By creating fake Reddit posts promising free TradingView Premium access, they tap into a common desire among users to bypass subscription fees for valuable services. These posts are designed to appear legitimate, often mimicking the style and language of genuine community discussions. However, the underlying intent is far more sinister.

Once a user clicks on the malicious link within these deceptive posts, they are led down a path designed to download and execute malware. This sophisticated social engineering tactic preys on the natural human inclination for a good deal, transforming a seemingly harmless offer into a severe cybersecurity risk.

Vidar and AMOS: The Infostealer Arsenal

The campaign employs two distinct and highly effective infostealer malware families, carefully chosen to target different operating systems:

  • Vidar Stealer (Windows): For users on Microsoft Windows, the payload is the notorious Vidar Stealer. Vidar is a multi-functional information stealer capable of exfiltrating a wide array of sensitive data. This includes browser data (cookies, saved passwords, autofill information), cryptocurrency wallet details, two-factor authentication (2FA) codes, and system information. It’s a formidable threat that can quickly compromise a user’s digital identity and financial assets.
  • AMOS Stealer (macOS): Apple macOS users are not spared, as the campaign deploys AMOS Stealer (Atomic MacOS Stealer) against them. AMOS, much like its Windows counterpart, is designed to pilfer sensitive data from macOS systems. This can include browser data, cryptocurrency wallet information, and other personal files, making it a significant concern for the often-perceived “secure” macOS environment.

The fact that this operation is still active, with new posts continually appearing as older ones are removed, underscores the persistence and adaptability of the threat actors involved. This ongoing nature makes it a critical threat that users and cybersecurity professionals need to be aware of.

Understanding the Attack Vector and Impact

The primary attack vector here is classic social engineering combined with malware delivery. Reddit serves as the distribution platform, leveraging its vast user base and community-driven nature to spread the malicious links. The immediate impact on a compromised user can be devastating. Stolen credentials can lead to unauthorized access to various online accounts, including banking, email, and social media. Cryptocurrency wallet compromise can result in irretrievable financial loss. Furthermore, the exfiltration of personal and system information can be used for further targeted attacks or sold on dark web marketplaces.

There are no specific CVEs associated with Vidar or AMOS directly, because they are malware families rather than vulnerabilities in specific software. However, they often take advantage of common user habits and system misconfigurations.

Remediation Actions and Prevention

Protecting yourself from this and similar infostealer campaigns requires a multi-layered approach to cybersecurity. Diligence and awareness are just as important as technical safeguards.

  • Verify Offers: Always be skeptical of offers that seem too good to be true, especially those promising free premium access to paid services. Always verify the legitimacy of such offers directly on the official service provider’s website.
  • Strong, Unique Passwords: Implement strong, unique passwords for all your online accounts. Consider using a reputable password manager to help generate and store these securely.
  • Enable Multi-Factor Authentication (MFA): Activate MFA wherever possible, especially for financial and critical accounts. Even if your password is stolen, MFA adds an essential layer of security.
  • Keep Software Updated: Ensure your operating system, web browsers, and all installed applications are kept up-to-date with the latest security patches. This helps close known vulnerabilities that malware might exploit.
  • Use Reputable Antivirus/Endpoint Detection: Employ a high-quality antivirus or Endpoint Detection and Response (EDR) solution on both Windows and macOS devices. Keep its definitions updated to detect and block known malware.
  • Be Cautious with Downloads: Never download software or executables from untrusted sources, particularly links found on social media or forums. Stick to official application stores or vendor websites.
  • Educate Yourself: Stay informed about the latest cybersecurity threats and social engineering tactics. Awareness is your first line of defense.
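The "Be Cautious with Downloads" advice can be checked after the fact on Windows, where browsers typically record a download's origin in the file's Zone.Identifier stream (the mark-of-the-web). The following is an added example, not code from the article or from any vendor; the host lists, file extensions, verdict names and sample streams are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions (not from the article): the allowlist, forum list and extensions.
OFFICIAL_HOSTS = {"tradingview.com"}
FORUM_HOSTS = {"reddit.com", "redd.it"}
RISKY_EXT = (".exe", ".msi", ".zip", ".rar")

def host_in(url, domains):
    """True if the URL's host is one of the domains or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def parse_zone_identifier(text):
    """Parse the [ZoneTransfer] section of a Zone.Identifier stream into a dict."""
    fields, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line == "[ZoneTransfer]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields

def triage_download(filename, zone_text):
    """Return (verdict, reasons) for one downloaded file and its Zone.Identifier text."""
    if not filename.lower().endswith(RISKY_EXT):
        return "ignore", []
    meta = parse_zone_identifier(zone_text)
    if not meta:
        return "review", ["no mark-of-the-web, origin unknown"]
    reasons = []
    if not host_in(meta.get("HostUrl", ""), OFFICIAL_HOSTS):
        reasons.append("not served from an official vendor host")
    if host_in(meta.get("ReferrerUrl", ""), FORUM_HOSTS):
        reasons.append("reached through a forum or social media link")
    verdict = "block" if len(reasons) == 2 else "review" if reasons else "allow"
    return verdict, reasons

# Constructed sample streams (hosts and file names are illustrative only).
SUSPICIOUS = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://www.reddit.com/r/example/comments/abc123/
HostUrl=https://files.example.net/TradingView_Premium.zip
"""
OFFICIAL = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://www.tradingview.com/
HostUrl=https://www.tradingview.com/TradingView.msi
"""
```

On an NTFS volume the stream text can be read by opening `<path>:Zone.Identifier`. A missing stream is treated as "review" rather than "allow", since the origin of such a file cannot be confirmed.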

Tools for Detection and Mitigation

| Tool Name | Purpose | Link |
|---|---|---|
| VirusTotal | Online file and URL analysis for malware detection | https://www.virustotal.com/ |
| Malwarebytes | Endpoint protection and malware removal | https://www.malwarebytes.com/ |
| Windows Defender | Built-in antivirus for Windows systems | (Standard Windows OS feature) |
| Zscaler ThreatLabz | Threat intelligence and research on emerging campaigns | https://www.zscaler.com/blogs/research |

Conclusion

The Reddit campaign exploiting fake TradingView Premium offers highlights the constant cat-and-mouse game between threat actors and cybersecurity defenses. By preying on desires for free access, attackers are successfully deploying powerful infostealers like Vidar and AMOS across both Windows and macOS platforms. Staying vigilant, employing strong security practices, and verifying offers before clicking are essential steps in protecting your digital assets from such insidious threats. The seemingly innocuous promise of a premium upgrade can quickly turn into a costly security breach if not approached with caution.
