Documents obtained by WIRED show the US Department of Defense is considering cutting up to 75 percent of workers who stop the spread of chemical, biological, and nuclear weapons.

US agencies responsible for preventing the global proliferation of weapons of mass destruction and building security capacity around the world are facing deep cuts, perhaps total abolition, as the Trump administration continues its assault on any and all spending going overseas.

According to a draft working paper provided to WIRED, the Department of Defense is asking all its agencies and services that conduct “security cooperation” programs to consider the impact if the Pentagon were to “realign” its funding. The authors of the paper warn that the cuts could hobble the fight against organized crime in South America, impair the battle against the Islamic State, increase the likelihood of a rogue state producing and using chemical weapons, and defund pandemic surveillance measures.

The working paper is in response to a request for information from Secretary of Defense Pete Hegseth, asking agencies to assess the consequences of four levels of staff reduction—25 percent, 50 percent, and 75 percent cuts, or outright abolition.

This cost-cutting exercise is being conducted in response to a January 20 executive order from President Donald Trump, mandating that departments and agencies review all foreign aid programs. But the DOD review is going well beyond foreign aid. According to the working paper, the Defense Department looks set to make cuts to all humanitarian assistance, security cooperation, and cooperative threat-reduction efforts. The DOD has made clear that all spending ought to align with the secretary’s three priorities: deterring China, increasing border security, and pushing allies to shoulder more of the burden. It is not clear what role, if any, Elon Musk’s so-called Department of Government Efficiency (DOGE) is playing in these workforce reduction decisions.

**Pandemics and Weapons of Mass Destruction**

In response to the Pentagon’s request for information, the agencies contemplated lower bounds of cuts of 20, 40, and 60 percent—a counter-offer, the Pentagon source says, because officials in these agencies see a 60 percent cut as a “red line” that would still severely hurt global and domestic security.

A 20 percent reduction in funding, the memos say, would reduce some mine-clearance efforts in former war zones, significantly hurt programs to surveil and prevent infectious disease outbreaks in Africa, and worsen biosafety and biosecurity programs at biological laboratories worldwide, among other losses.

A 40 percent reduction would limit funding for counter-extremism programs in Africa and the Middle East, close all mine-clearance operations, shut down programs to intercept and prevent the development of weapons of mass destruction, and completely shut down biological surveillance programs.

A 60 percent cut would be significantly more severe, according to the memo. It would fundamentally eliminate America’s role in preventing the spread of chemical, biological, and nuclear weapons, the documents warn, and increase the likelihood of a lab accident or theft of potentially dangerous biological material.

The secretary of defense also asked the agencies to game out the consequences of fully shutting down some of their operations—a move, the agencies claim, that would defund border security measures and anti-drug-trafficking efforts.

One of the agencies targeted by this spending review is the Defense Threat Reduction Agency (DTRA), which leads counter-proliferation efforts on chemical, biological, and nuclear threats, both on its own and with US allies. In recent years, DTRA took the lead on destroying chemical weapons in Syria, helped secure 10 metric tons of highly enriched uranium in Kazakhstan, and worked with the Ukrainian government to upgrade security at its infectious disease laboratories.

A Pentagon source tells WIRED that if cuts on the higher end of the proposed spectrum are made, DTRA will effectively end. “Anything more than a 60 percent cut cripples the program,” they say. The source, who requested anonymity because they are not authorized to discuss the spending review, claims a total elimination of these programs is also on the table.

"All reductions increase risk to US due to pathogen spread and easier adversary pathways to develop WMD,” the memos read.

The secretary of defense declined to comment for this story, with a spokesperson writing, “We will not comment on internal deliberations.”

The cost-savings of these cuts would be relatively marginal compared to the Pentagon’s $850 billion budget. The Department of Defense only spends about $19 billion on humanitarian assistance, security cooperation, and cooperative threat-reduction programs, including DTRA—of that, the proposed cuts would eliminate between $5 billion and $15 billion. Because many of these programs are funded via congressional earmark, it’s not clear the Pentagon has the authority to cut and reappropriate their funding.

Trump and Hegseth have previewed defense cuts, promising to reduce spending by $50 billion—about 8 percent of the Pentagon’s nonlethal budget, Hegseth has said.

These cuts could also have a domino effect on other programs that are run in conjunction with the State Department and other agencies. One long-standing project facing cuts under this review is the State Partnership Program, which sends National Guard members to liaise and train with friendly militaries abroad. This program has historically been particularly popular with Republican members of Congress. But it, like dozens of other Pentagon activities, faces steep cuts or outright abolition.

A source with knowledge of the funding review says that a decision has yet to be made about the exact level of these cuts, and that meetings are ongoing to decide which agencies or programs will be hit and how hard. A final decision is due in mid-April, at the end of the 90-day window set out in the January 20 executive order. Sources inside the Pentagon who work on security cooperation say they are fearful that the cuts will be severe.

**Burst Bubble**

The people who work to stop the spread of dangerous material insist that these programs are not foreign assistance at all—they are all about domestic and global security.

DTRA, for example, currently works with 35 nations, helping to upgrade their biosafety and biosecurity practices while also helping them destroy dangerous biological samples. Much of this work takes place in veterinary clinics, which often treat and collect samples from sick livestock, making them the front line of infectious disease outbreaks. This work, in recent years, has included many of the African nations hit by Ebola.

Partnering with local health authorities not only helps prevent the next epidemic, but it also makes sure that these virological samples are kept secure—“so it's not accidentally going to leak out of these public health facilities or not be stolen by a terrorist,” Robert Pope, director of Cooperative Threat Reduction at DTRA, explained in a 2022 interview.

DTRA’s staff operate as an “early warning system,” a congressional staffer tells WIRED, ahead of any deployment of the US military, they say. While it may not be a traditional kind of military power, they add, it should still fit into this administration’s priorities. “It secures our border from pathogens.”

An independent analysis conducted for the Pentagon in 2022 found that these threat reduction programs are “well-positioned to respond quickly to emerging \[weapons of mass destruction\] threats; its authorities are unique and fill an existing gap.”

Programs like DTRA ought to be expanded, not cut, says Gigi Gronvall, a professor at the Johns Hopkins Center for Health Security. These are primarily national security programs, she says, designed to “give ourselves the eyes and ears around the world to put out those fires, or prevent them from happening in the first place.”

If you don’t put out the fire—whether it’s a novel infectious disease or a chemical weapons program in a rogue state—it will keep growing, Gronvall adds. “We have areas of the world that don’t have fire departments,” she says. “By helping them help themselves, we are helping them step up.”

**‘A Fire Sale on Expertise’**

The Pentagon’s threat reduction efforts, and the DTRA itself, stem from the work of former US senators Sam Nunn, a Democrat, and Richard Lugar, a Republican, to secure weapons of mass destruction after the fall of the Soviet Union. America, through their work, destroyed thousands of ballistic missiles and nuclear warheads, disposed of tens of thousands of pounds of chemical weapons, and dismantled Soviet bioweapon laboratories. In 1998, DTRA was formally created and given a more expensive mandate to both track and destroy chemical and biological threats while also helping other nations do the same.

For its work, DTRA has been targeted by Russian disinformation efforts, with Moscow accusing America of producing biological weapons in these DTRA-funded labs. Following the full-scale Russian invasion of Ukraine in 2022, conspiracy theorists in America picked up that thread, suggesting the invasion was cover to destroy these bioweapons labs.

Fears about DTRA’s work have since been raised by Health and Human Services secretary Robert F. Kennedy Jr., director of national intelligence Tulsi Gabbard, and Russia itself. Republican senator Rand Paul has repeatedly issued subpoenas to the DTRA looking for evidence that it has been engaged in dangerous virological research and suggesting that it may have had a hand in creating Covid-19.

“When Russia was attacking that program, it was doing so because it wanted to erode our national security,” Gronvall says. Russia may not believe these lies, she adds, but “they have been enormously successful in getting people with power to believe these things.”

Last year, the United States accused Russia of using prohibited chemical weapons in its war on Ukraine. According to this working paper, the proposed cuts to the DTRA could eliminate America’s ability to investigate and attribute such chemical weapons attacks in Eastern Europe.

Investigating and attributing these attacks is a form of deterrence, Gronvall says. Without this capability, she adds, “it means you’re going to see a lot more chemical weapons used.”

The United States believes that Russia, North Korea, and other rogue states have active biological weapons programs. Despite that, no state has actually deployed a biological weapon since the adoption of the Biological Weapons Convention. Gronvall is worried that dismantling the DTRA could weaken that prohibition. “I would worry that that would be something we would see,” she says.

The working paper warns that reducing this funding could surrender ground to Russia and China, which may try and fill the void left by the US. That could see Moscow and Beijing move in to partner with foreign militaries, cooperate with these biological facilities, and even recruit new scientists.

“It’s going to be a fire sale on expertise,” Gronvall says, “and that is helping China, 100 percent.”

Pentagon Cuts Threaten Programs That Secure Loose Nukes and Weapons of Mass Destruction

Removing 24 malicious apps from the Google Play store and silencing some servers has almost halved the BadBox botnet.

Removing 24 malicious apps from the Google Play store and silencing some servers almost halved a botnet known as BadBox.

The BadBox botnet focuses on Android devices, but not just phones. It also affects other devices like TV streaming boxes, tablets, and smart TVs.

The German BSI (Federal Office for Information Security) started the disruption campaign in December by blocking the malware on 30,000 devices. BadBox is referred to as a botnet, because one of its capabilities is to set up the affected device to act as a proxy, allowing other people to use the device’s internet bandwidth and hardware to route their own traffic.

This traffic can for example serve in DDoS attacks or as a platform to spread fake news and disinformation. But BadBox can also steal two-factor authentication (2FA) codes, install further malware, and perform ad fraud.

Unfortunately, the 30,000 devices cut off by the BSI were only the tip of the iceberg. Estimates say there may be as many as one million affected devices. These devices have not necessarily been infected by installing malicious apps. It’s been suggested that Chinese manufacturers hide firmware backdoors in their devices, BadBox being one of them.

The BSI said it found:

> “The BadBox malware was already installed on the respective devices when they were purchased.”

According to Satori Threat Intelligence researchers:

> “Devices connected to the BADBOX 2.0 operation included lower-price-point, “off brand”, uncertified tablets, connected TV (CTV) boxes, digital projectors, and more. The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices.”

Off brand devices are devices which do not carry any specific brand name that you might recognize. They are often cheap and made by small manufacturers.

Following the botnet’s development after the German disruption, the researchers found new Command and Control (C2) servers which hosted a list of APKs targeting Android Open Source Project devices similar to those impacted by BadBox.

As part of the disruptions, the servers that were controlling the botnet have been sinkholed, which basically means that the traffic between those servers and the botnet clients gets redirected so it will no longer arrive at the intended destination.

**How to stay safe**

This disruption will likely not be the end of the story. The botnet operators will adapt again and rebuild their infrastructure. Given their supply chain of compromised devices the botnet will resurface soon enough.

So here are a few things you can do:

*   Check you don’t have the apps ‘Earn Extra Income’ and ‘Pregnancy Ovulation Calculator’, which had over 50,000 downloads each. You can recognize the malicious apps from the publisher name Seekiny Studio. If you find them on your device, remove them immediately.
*   Protect your Android devices with an active security solution that can remove malicious apps and block malicious traffic.
*   Google Play Protect automatically warns users and blocks apps known to exhibit BadBox 2.0-associated behavior at install time on Play Protect certified Android devices with Google Play Services. If a device isn’t Play Protect certified, carefully study its origin before purchasing it.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android botnet BadBox largely disrupted 

### Summary
The ChecksumCalculator class within  allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required.

### Requirement from NIST
Requirement from NIST regarding SHA1

https://csrc.nist.gov/projects/hash-functions#:~:text=NIST%20deprecated%20the%20use%20of,use%20of%20the%20SHA%2D1.

> Federal agencies should use SHA-2 or SHA-3 as an alternative to SHA-1.
> Further guidance will be available soon. Send questions on the transition to sha-1-transition@nist.gov.

https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm

### Mitigation and Fix
Make it clear to developers and users that the ChecksumCalculator is specific to the "Known File Filter" (KFF) document similarity feature and is not intended to suggest or endorse global use as a cryptographically secure hashing or checksum mechanism.

While these specific default insecure algorithms can not be updated without violating the intended use-case, it can be clearly documented and prevented using better access modifiers in the ChecksumCalculator class.

### Details
Within ChecksumCalculator.java, the following points raise potential security concerns:

SHA-1:
SHA-1 has been widely deprecated for cryptographic purposes due to known collision attacks.
The constructor defaults to "SHA-1" if no specific algorithm is provided.
CRC32:
CRC32 is a simple checksum mechanism, not a cryptographic hash function. It is unsuitable for security-critical integrity checks since it can be easily manipulated or collided.
SSDEEP (Fuzzy Hashing):
SSDEEP is a context-specific tool used for similarity matching and may not be a secure cryptographic function for authentication or tamper detection.
There is no apparent mechanism to prevent developers from using these weaker algorithms in security-sensitive contexts. Users of emissary who rely on ChecksumCalculator for strong security guarantees (e.g., data integrity or authentication) may be misled into assuming these algorithms provide adequate protection.

### PoC
Code could be found https://github.com/NationalSecurityAgency/emissary/blob/main/src/main/java/emissary/kff/ChecksumCalculator.java

### Impact
Impact
Weakened Security Posture: Applications integrating Emissary may inadvertently use these algorithms in a way that could be exploited (e.g., collisions in SHA-1, trivial collisions in CRC32).
Misleading Assurance: Developers might assume Emissary’s recommended defaults are secure for cryptographic validation, which can result in insecure implementations.
Potential for Collision Attacks: Attackers could craft inputs that yield the same SHA-1 hash or manipulate CRC32 sums, thus bypassing naive integrity checks.
Because this project is produced under the NSA umbrella, users may have an inflated trust in its security posture, potentially leading them to rely on these algorithms in high-security environments without recognizing the associated risks.

**Summary**

The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required.

**Requirement from NIST**

Requirement from NIST regarding SHA1

https://csrc.nist.gov/projects/hash-functions#:~:text=NIST%20deprecated%20the%20use%20of,use%20of%20the%20SHA%2D1.

> Federal agencies should use SHA-2 or SHA-3 as an alternative to SHA-1.  
> Further guidance will be available soon. Send questions on the transition to sha-1-transition@nist.gov.

https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm

**Mitigation and Fix**

Make it clear to developers and users that the ChecksumCalculator is specific to the "Known File Filter" (KFF) document similarity feature and is not intended to suggest or endorse global use as a cryptographically secure hashing or checksum mechanism.

While these specific default insecure algorithms can not be updated without violating the intended use-case, it can be clearly documented and prevented using better access modifiers in the ChecksumCalculator class.

**Details**

Within ChecksumCalculator.java, the following points raise potential security concerns:

SHA-1:  
SHA-1 has been widely deprecated for cryptographic purposes due to known collision attacks.  
The constructor defaults to "SHA-1" if no specific algorithm is provided.  
CRC32:  
CRC32 is a simple checksum mechanism, not a cryptographic hash function. It is unsuitable for security-critical integrity checks since it can be easily manipulated or collided.  
SSDEEP (Fuzzy Hashing):  
SSDEEP is a context-specific tool used for similarity matching and may not be a secure cryptographic function for authentication or tamper detection.  
There is no apparent mechanism to prevent developers from using these weaker algorithms in security-sensitive contexts. Users of emissary who rely on ChecksumCalculator for strong security guarantees (e.g., data integrity or authentication) may be misled into assuming these algorithms provide adequate protection.

**PoC**

Code could be found https://github.com/NationalSecurityAgency/emissary/blob/main/src/main/java/emissary/kff/ChecksumCalculator.java

**Impact**

Impact  
Weakened Security Posture: Applications integrating Emissary may inadvertently use these algorithms in a way that could be exploited (e.g., collisions in SHA-1, trivial collisions in CRC32).  
Misleading Assurance: Developers might assume Emissary’s recommended defaults are secure for cryptographic validation, which can result in insecure implementations.  
Potential for Collision Attacks: Attackers could craft inputs that yield the same SHA-1 hash or manipulate CRC32 sums, thus bypassing naive integrity checks.  
Because this project is produced under the NSA umbrella, users may have an inflated trust in its security posture, potentially leading them to rely on these algorithms in high-security environments without recognizing the associated risks.

**References**

*   GHSA-hw43-fcmm-3m5g
*   NationalSecurityAgency/emissary@da3a81a
*   https://github.com/NationalSecurityAgency/emissary/releases/tag/8.24.0

GHSA-hw43-fcmm-3m5g: Emissary May Use a Broken or Risky Cryptographic Algorithm

Task scams are increasing in volume. We followed up on an invitation by a task scammer to get a first hand look on how they work.

Tasks scam are surging, with a year over year increase of 400%. So I guess it should have been no surprise when I was contacted by a task scammer on X recently.

Task scammers prey on people looking for remote jobs by offering them simple repetitive tasks such as liking videos, optimizing apps, boosting product interest, or rating product images. These tasks are usually gamified—organized in sets of 40 tasks that will take the victim to a “next level” once they are completed. Sometimes the victim will be given a so-called double task that earns a bigger commission.

The scammers make the victim think they are earning money to raise trust in the system. But, at some point, the scammers will tell the victims they have to make a deposit to get the next set of tasks or get their earnings out of the app. Victims are likely to make that deposit, or all their work will have been for nothing.

So when the task scammer contacted me on X to offer me a nice freelance job, I was keen to see where it would take me.

Beginning the message with emojis, Birdie started the chat…

Group invitation on X

> “\[emoji intro\] Hello, I am a third-party agency from the UK, specializing in providing ranking and likes services for Booking+Airbnb hotel applications. The company is now recruiting freelancers worldwide. You only need a mobile phone to easily get it done, and the time and location are flexible. The daily salary is 100-300€, and the monthly salary of formal employees is 3000-10000€. Note (this article is not suitable for students under 22 years old, and African and Indian employees cannot be hired due to remittance issues) For more details please see the WhatsaPP link: \[shortened bit.ly URL\]”

In this case, I was asked to contact the scammer on WhatsApp, but I’ve also seen the same campaign asking the victims to reach out on Telegram.

Invitation to a Telegram conversation

The Telegram invitation was a bit more limited (European and American female users only) but extended to a larger group of 150 accounts on X. What the ones that reached out to me had in common was that they all found my profile on X. Mind you, my profile is not some honeytrap, it clearly says I blog for Malwarebytes.

So, last week I was up for some distraction and decided to follow up on the WhatsApp invitation which was still live. I reset an old phone to factory settings and bought a burner SIM card. With that phone in hand, I set up a Gmail account and installed WhatsApp. I added Birdie Steuber to my contacts with the phone number I found by following the URL. Then I reached out asking if they still had openings.

The bait was taken within minutes: hook, line, and sinker.

introductions

So, Birdie is actually Tina from Sheffield in the UK. The job is available and does not require any special skills or experience. Tina tells me all you need is internet access and you can start working for booking.com.

Next is a long-winded explanation of what the job entails with another mention of the fortune you can make. I suspect the explanation is meant to be slightly confusing, knowing the general population would be embarrassed to ask for a better explanation and just will go ahead and carry out the tasks.

explanation?

More explanations about the job are followed by a quick query whether I will be able to buy USDT, the “hottest cryptocurrency in the world” as Tina described it. (It isn’t.)

USDT required

Tina then asks me to create an account on a fake booking.com website.

create an account on a fake booking(dot)com site

Here’s that site.

the fake booking site

Once I’d set that up, Tina set me up with a training account to learn the tasks. The actual tasks consist of clicking two buttons labelled “Start task” and “Submit” which gets mind-numbing really quick. But, hey, I was wasting a scammers’ time, so it was worth it.

That training account had a balance of over 1,000 USDT, probably to make the victim even more interested.

balance training account

What happened next is likely a demonstration of another tactic the scammers will use to get people to deposit more USDT: A lucky order!

lucky order

I was shown a prompt that I had run into “a 4% lucky order”, which Tina called a merge task that rendered a 4% commission.

Next followed an elaborate explanation on how Tina had to top up the balance to make up for the negative “Pending Amount” and asked me to contact customer support for instructions.

negative pending amount needs to be topped up

But to my surprise this was not what I was asked to do the next day when we continued our conversation. However, Tina quickly revealed how they were expecting to get 100 USDT from me.

> “I forgot to tell you, it takes 100usdt to complete a new round of 40/40 orders to reset 40 new orders. Because 100usdt is to optimize the hotel 100usd reservation fee. Once you complete the 40/40 order task you can withdraw all funds. This is to help the hotel increase the number of real bookings and exposure to earn commission income. The commission income per order is 0.5 per cent. 100usdt will probably get 40-60usdt after completing the 40/40 order task.”

After I completed my first 40 tasks, I was shown this notification letting me know I had reached the maximum number of tasks for the day, at which point I was expected to top op my account at my own expense.

Please contact customer service to recharge and refresh the task

Once I convinced Tina we had purchased 100 USDT, I was told to contact customer support for instructions.

The instructions were similar to the ones I received a day earlier. But at this point I had to terminate because I didn’t want to give the scammers any actual money.

Checking the balance on the account numbers they provided me with during our conversation showed there are likely others who are handing over money. And they very well may have many more accounts.

balance in the USDT accounts belonging to the scammers

These scams are likely designed to be confusing. The actual tasks were nowhere near as difficult as the explanation of what the job entailed.

In the end I revealed to Tina that I was the one that wrote an article about task scams, but Tina did not give up that easily. She kept trying to convince me there was money to be made.

If you’d like to read the whole conversation I had with Tina you can find it here.

****How to avoid task scams****

As I pointed out, all the task scam invitations I received came to me in the form of Message requests on X. So, that’s a good place to be very cautious. Once you know the red flags, it is easier to avoid falling for task scams.

*   Do not respond to unsolicited job offers via text messages or messaging apps
*   Never pay to get paid
*   Verify the legitimacy of the employer through official channels
*   Don’t trust anyone who offers to pay you for something illegal such as rating or liking things online

It’s also important to keep in mind that legitimate employers do not ask employees to pay for the opportunity to work. And as with most scams, if it sound to good to be true, it probably is.

If you run into a task scam, please report them to the FTC at ReportFraud.ftc.gov. 

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 I spoke to a task scammer. Here&#8217;s how it went 

Android's March 2025 security update includes two zero-days which are under active exploitation in targeted attacks.

Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks.

The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for them yourself.

For most phones it works like this: Under **About phone** or **About device** you can tap on **Software updates** to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

If your Android phone shows patch level 2025-03-05 or later then you can consider the issues as fixed.

Keeping your device as up to date as possible protects you from known vulnerabilities and helps you to stay safe.

**Technical details**

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs assigned to the two zero-days are:

CVE-2024-43093: A possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege (EoP) with no additional execution privileges needed. Exploitation of this vulnerability requires user interaction. Google confirms that CVE-2024-43093 has been under limited, targeted exploitation.

A file path filter is supposed to prevent access to sensitive directories on a device. In this case the ‘shouldHideDocument’ function. However, due to incorrect Unicode normalization, an attacker might be able to bypass this filter. Unicode normalization refers to the process of standardizing Unicode characters to ensure that equivalent characters are treated as the same. Flaws in this process can lead to security issues, such as bypassing the filter, allowing an attacker access to normally off-limits files, such as system configuration files or sensitive data.

The specific nature of the required user interaction is not detailed in the available information. Typically, user interaction might involve opening a malicious app or file, clicking on a link, or performing another action that triggers the exploit.

CVE-2024-50302: An issue in the Linux Kernel which allowed unauthorized access to kernel memory reportedly exploited in Serbia by law enforcement using Cellebrite forensic tools to unlock a student activist’s device and attempt spyware installation.

This flaw lies in the Linux kernel’s driver used by Android for Human Interface Devices and allows an attacker to unlock devices that they have physical access to. The flaw was used in a chain of vulnerabilities which Amnesty International’s Security Lab found on a device unlocked by Serbian authorities.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android zero-day vulnerabilities actively abused. Update as soon as you can 

Malicious Google ads are redirecting PayPal users looking for assistance to fraudulent pay links embedding scammers' phone numbers.

We recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal’s infrastructure in order to trick victims calling for assistance to speak with fraudsters instead.

Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due to their screen size limitation and likelihood of not having security software.

**Overview**

Scammers are creating ads impersonating PayPal from various advertiser accounts that may have been hacked. The ad displays the official website for PayPal, yet is completely fraudulent.

A weakness within Google’s policies for landing pages (also known as final URLs), allows anyone to impersonate popular websites so long as the landing page and display URL (the webpage shown in an ad) share the same domain.

The page victims are directed to has the following format:

paypal.com/ncp/payment/\[unique ID\]

This is PayPal’s “no-code checkout”, a feature for merchants to have a simple and yet secure option to take payments:

> Small businesses that want to accept payments online or in person can set up pay links, buttons, and QR codes to accept payments on the website. You don’t need a developer, coding knowledge, or a website to accept payments

Essentially, crooks are abusing this feature to create a bogus pay link. They can customize the page by creating various fields with text designed to trick users, such as promoting a fraudulent phone number as “PayPal Assistance”.

**Mobile experience**

Phones are the best medium for this type of scams due to the device’s constraints, but more than anything because that’s how victims will get in touch with bogus tech support agents.

In the screenshot below taken on an iPhone, we can see the top sponsored result from a Google search is impersonating PayPal. During our investigation, we often encountered more than one malicious ad, although they redirected to different kinds of pages, not abusing the same scheme.

Due to the reduced screen size, it would require scrolling past the ads and the AI Overview to see organic search results. This is not a coincidence of course, and is why search advertising is worth billions of dollars.

Screen size plays a factor again when users click on the ad and look at the browser’s address bar correctly identifying that the site is “**paypal.com**“. As we saw above, pay links are on the same domain as _paypal.com_, from which they inherit trust.

We did not follow-up with the provided phone number; however we believe it likely ends with victims handing over their personal information to scammers and getting fleeced.

**Conclusion**

Tech support scammers are like vultures circling above the most popular Google search terms, especially when it comes to any kind of online assistance or customer service.

We saw how easy it is to get an ad that mimics an official brand as long as the destination URL is on the same domain as the ad URL. The rest is just a matter of creativity on the part of scammers to forcefully inject their lure as spam, search queries, shopping lists, and more…

Whenever looking up an official phone number or website, it is safer to scroll past the ads and choose a more trusted organic link. There are also security solutions that can block ads and malicious links, such as Malwarebytes for mobile devices.

We have reported this campaign to Google and PayPal, but urge caution as new ads using the same trick are still appearing.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

**Indicators of Compromise**

Archived example:

https://urlscan.io/result/3ea0654e-b446-4947-b926-b549624aa8b0

Malicious pay links:

hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/8X7JHDGLK9Z46  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/7QUEXNXR84X3L  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/BHR4AMJAPWNZW  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/FTJBPVUQFEJM6  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/2X92RZVSG8MUJ  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/D8X74WYAM3NJJ

Scammers’ phone numbers:

1-802\[-\]309-1950  
1-855\[-\]659-2102  
1-844\[-\]439-5160  
1-800\[-\]782-3849

 PayPal&#8217;s &#8220;no-code checkout&#8221; abused by scammers 

Strong eCommerce customer service builds trust, boosts loyalty, and drives sales. Learn key strategies, best practices, and tools to enhance online support.

Great online customer support starts with the fundamentals that make shoppers feel valued and understood when they can’t see your face or walk into your store. The basics include responding quickly across multiple channels, writing in a friendly human tone (not corporate-speak), and making it super easy for customers to find help when they need it.

Mastering these foundational elements builds trust with online shoppers and sets the stage for turning one-time buyers into loyal repeat customers. According to WOW24-7, an e-commerce customer service outsourcing provider, recent studies highlight the impact of customer service quality on online shopping behaviour. In April 2024, reports indicated that 79% of consumers may choose not to buy from a brand again after a poor post-purchase experience.

****What is eCommerce Customer Service?****

Generally speaking, e-commerce customer service is a special department that helps and supports online businesses as you are shopping online. Think of it as the digital version of that helpful store employee, but instead of being face-to-face, they’re helping you through chat, email, or phone when you have questions about products, shipping issues, returns, or just need advice before buying something.

****Advantages of a Good eCommerce Customer Service****

Good online customer service is a total game-changer! It builds trust (super important when you can’t see products in person), turns angry customers into happy ones (like when your headphones arrived broken and they shipped new ones overnight), and makes people spend more money.

Plus, happy customers tell their friends – “one of our customer’s customers switched to a new skincare brand just because her friend raved about how they helped her find the right products for her skin type.”

****How To Provide a Stellar Customer Service: Tips For Online Support********1\. Prioritize Multiple Communication Channels****

To provide excellent customer service, be available wherever your customers want to reach you. That means providing various channels of support, including social media support. 

Some people hate phone calls but love texting, while others want to shoot a quick email or DM you on Instagram. The best online stores let me choose – like that clothing shop that lets me track my order through text, ask sizing questions on chat, or call them about complicated returns. It shows they respect how you prefer to communicate instead of forcing you to use their one preferred channel.

So, good customer service plays a key role in customer satisfaction, and it should be multichannel customer support. And what about you, how many channels does your brand offer to contact your team?

****2\. Empower Your Team with Knowledge****

Make sure your support team knows your products inside and out – they can’t help customers if they’re clueless themselves. Indeed, the product knowledge is essential. Create a searchable knowledge base where your team can quickly find answers instead of saying “Let me check on that” for every question.

Our customer, a tea company, has weekly “sip and learn” sessions where staff try new products and discuss common questions, which has cut their average response time in half. The ability to deliver almost instant answers to the customers’ questions. That’s what we call a start for the exceptional customer service. 

****3\. Implement a Full Self-Service System****

Give customers ways to help themselves with detailed FAQs, video tutorials, and searchable help centers available 24/7. That is super important for customer retention.

One of our customers, an electronics ecommerce business has this amazing interactive troubleshooting tool that walks you through fixing common issues before the customers even need to contact them. Just make sure to keep these resources updated – nothing’s more frustrating than outdated information that wastes customers’ time.  

****4\. Track Key Metrics and Analyze Performance****

You can’t improve what you don’t measure, so keep tabs on response times, customer satisfaction scores, and first-contact resolution rates. Look for patterns in customer complaints to fix underlying issues – like when that clothing store noticed a spike in size questions and added better measurement guides. Set goals for your customer service team based on these metrics, but don’t obsess over speed at the expense of actually solving problems properly.

Moreover, track and analyze your customer reviews and work with both positive customer reviews and negative ones. Here’s a tip for you: the leading ecommerce platforms also work with the so-called ‘middle customers’ (the ones that are neither positive nor negative. They are the easiest ones to become your true brand enthusiasts. 

****5\. Personalize the Customer Experience****

Use customer purchase history and preferences to make interactions feel special and relevant. One ecommerce brand, a book subscription service, remembers what genres you love and what you have already read, making their recommendations useful.

Simple touches made by your customer service representative like addressing customers by name and referencing their previous orders make people feel valued instead of just another ticket number in the queue. That is crucial if you want to be the brand that comes with the best customer service for ecommerce. 

****6\. Proactively Address Customer Issues****

A great customer service company does not wait for complaints, it reaches out when its support agents know there might be a problem. For instance, a clothing store emails you before you even notice that your package was delayed due to weather, offering options and a small discount or a free trial. 

Therefore, your customer service agent must watch social media mentions of your brand to catch issues before they escalate into full-blown problems. This customer service strategy builds trust and loyalty. 

****7\. Embrace Technology and Automation****

If you want to offer good customer service experiences, use chatbots to handle simple questions and AI to route complex issues to the right specialist. Add the frequently asked questions section to let your customers find all the answers to their questions without waiting for your reply and the personalization to help them if they contact you. 

A simple example: there’s a tech shop that uses automation to send perfectly timed setup guides after purchase, preventing tons of support calls. Just make sure there’s always an easy escape hatch to reach your ecommerce customer service team when the bot can’t help. That’s crucial if you want to deliver an excellent customer service. 

****8\. Offer Easy Returns and Exchanges****

Make returns painless with prepaid labels, clear instructions, and quick processing. Yes, in the world of e-commerce, you have to provide the customer with the possibility to return in a fast, easy and free manner.

Here’s an example. There’s a shoe company that includes a return label right in the box and lets you start the return process with a single text message. And here comes an interesting fact: Good return policies increase sales because people feel safer trying new products. 

****9\. Solicit and Respond to Feedback****

Actively ask customers how they’re doing through quick surveys after purchases or support interactions. Every ecommerce business will benefit from customer service tools or special support software that collects data about the quality of service and customer communications. 

Just a simple case from our experience. There’s a coffee subscription that sends a three-question survey after each delivery, and when somebody mentioned their packaging was excessive in the comments, they changed it within a month. Show customers that the feedback matters by implementing changes and letting them know. There’s a necessity to adapt to the changing world of customer satisfaction. 

****10\. Invest in Ongoing Training and Development****

Keep your ecommerce customer support team sharp with regular product training and customer service skill development. My cousin works at an online beauty store where they spend Friday afternoons practising tough customer scenarios and learning about new product ingredients. Well-trained agents solve problems faster and make customers happier.

****11\. Foster a Culture of Customer-Centricity****

Make customer happiness everyone’s job, not just the support team’s. One of our customers, a small electronics brand, believes that excellent service is critical and so it invites its engineers to join support calls monthly to hear customer struggles firsthand. Then their support system analyses the available customer needs and the online shopping experience and thinks of ways to improve service to customers.

Celebrate team members who go above and beyond for customers, and use customer stories in company meetings to keep their needs front and center.

****An Effective eCommerce Customer Service: Key Takeaways****

Great online customer service is crucial as it talks to your customers directly. It’s all about being focused on customer wants, needs, and expectations. Plus, since great service is important for brand success, multi-channel customer support has become the new normal for companies who want to boost the customer’s lifetime value. Response speed matters hugely, but the quality and personal touch of those responses turn one-time buyers into loyal fans who spread the word.

The best online stores use the right software like Intercom and technology to handle routine stuff while freeing up humans to solve complex problems with empathy and creativity to improve their customer experience. Track what’s working (and what isn’t) through customer feedback and solid metrics, then actually use that info to keep improving. Remember that in the digital world where competitors are just a click away, exceptional service isn’t just nice to have – it’s often your biggest competitive advantage. 

Therefore, these are the eCommerce Customer Service Best Practices that help you improve customer service and provide an amazing customer service experience. Just remember that true customer service means the real care of your customers, not just words.

****Customer Service Channels FAQ********Why is customer service important for e-Commerce businesses?****

It’s your digital storefront’s personality! Without face-to-face interaction, it’s hard to make your customers happy. When one of our customers launched her handmade jewellery store, her amazing response time and personalized packaging notes turned first-time buyers into repeat customers who shared her store all over social media. Plus, in a world where switching to a competitor takes one click, great service is often the only thing keeping customers loyal.

****What are the key challenges of providing online customer support?****

The biggest headache is managing customer expectations for instant 24/7 help when you’re a small team (or solo entrepreneur). Then there’s the challenge of explaining products people can’t touch or try on, handling shipping issues you don’t directly control, and building trust without in-person connections. For instance, a hot sauce company can struggle with international customers who fail to understand the cause of shipping delays until they create a visual tracking system that shows exactly where packages are stuck.

****How can I improve response times for customer inquiries?****

*   Create templates for common questions so you’re not typing the same shipping policy explanation fifty times a day.
*   Set up auto-responses that acknowledge messages immediately even if you’ll answer fully later.
*   Use a smartphone app connected to your help desk so you can quickly answer simple questions while on the go.
*   You can dramatically cut response times by creating a shared Google Doc where all staff will document weird questions and answers for everyone to reference.

****What are the best tools for managing eCommerce customer service?****

For small shops, Zendesk or Freshdesk are solid starting points that won’t break the bank. Gorgias is amazing if you’re on Shopify since it shows order history right alongside customer conversations. Help Scout has a super clean interface that’s easy for non-tech folks. The gaming stores often Intercom so they can chat with the customers right on their website while they are browsing, which saves from abandoning the cart multiple times.

****How can I handle difficult customers effectively?****

First, take a deep breath and remember it’s rarely personal. Listen fully before responding – sometimes people just want to be heard. Offer concrete solutions instead of excuses. Know when to give a little (like a small discount) to solve a bigger problem.

One more tip to keep in mind: if you have a super angry customer about shipping damage, remember that customer service is important and it’s imperative to react instantly. So, immediately send a replacement with a small bonus. That can help you turn your angry customer into the biggest Instagram advocate.

****What role does automation play in e-Commerce customer support?****

Automation handles the repetitive stuff so humans can focus on complex problems. Think automatic order confirmations, shipping updates, and chatbots that answer basic questions like “What’s your return policy?” The smart plant shop I order from automatically emails care instructions based on what I purchased and sends reminders when it’s time to report – this prevents tons of support questions while making me feel taken care of.

****How can live chat improve customer satisfaction?****

Live chat catches customers right when they’re considering a purchase but have questions – like when I was about to abandon a pricey camera purchase until their chat agent explained why it was worth the investment. It feels more immediate than email but less intrusive than phone calls. 

****What are the best practices for handling returns and refunds?****

Make your policy crystal clear and easy to find. Don’t make customers jump through hoops – include return labels in the original package if possible. Process refunds quickly once items are received. Be flexible when it makes sense – that clothing store that gave me store credit past their return window earned way more of my money long-term. The best companies view returns as opportunities to learn product issues and improve, not as losses to minimize.

****How can I measure the success of my ecommerce customer service?****

Track obvious stuff like response time and resolution time, but also watch customer satisfaction scores (quick post-interaction surveys) and Net Promoter Score (would they recommend you?). Look at repeat purchase rates after service interactions – my favourite coffee subscription saw that customers who had a resolved issue spent 20% more in the following six months than those who never had problems. Also, track how many support tickets you get per 100 orders – this should decrease as you improve product descriptions and FAQs.

****What are some common mistakes to avoid in online customer support?****

The biggest fails include: making customers repeat their problem to multiple agents, hiding contact information so people can’t easily reach you, using robotic templated responses without personalizing them, promising unrealistic shipping/delivery times, and not following up after resolving issues. My worst experience was with that electronics store that transferred me three times, made me re-explain my issue each time, then promised to call back and disappeared forever – I’ll never shop there again!

Featured Image via Pixabay

1.  The Basics of Ecommerce Cybersecurity
2.  Enhance customer experiences with Generative AI
3.  How Payment Orchestration Enhances Business Efficiency
4.  Software Support: 7 Essential Reasons You Can’t Overlook
5.  Future of eCommerce: Emerging Tech Shaping Online Retail in 2024

eCommerce Customer Service Tips For Online Support: The Basics

FortiGuard Labs discovers Winos 4.0 malware targeting Taiwan via phishing. Learn how this advanced threat steals data and…

FortiGuard Labs discovers Winos 4.0 malware targeting Taiwan via phishing. Learn how this advanced threat steals data and how to protect your Windows system.

Fortinet’s FortiGuard Labs has disclosed details of a new malware campaign targeting Taiwanese businesses. Reaching out to Hackread.com on this discovery, prior to its publishing on Thursday, researchers revealed that this campaign was discovered in January 2025 and deployed a highly advanced malware framework, known as Winos 4.0. This attack exhibited a high severity level, and utilized a multi-stage infection process, ultimately aiming to steal sensitive information for future malicious activities.

Further probing revealed that this malware specifically targeted Microsoft Windows platforms. A phishing email, carefully crafted to impersonate Taiwan’s National Taxation Bureau, served as the initial attack vector. This deceptive email claimed to contain a list of companies scheduled for tax inspections, urging recipients to forward the information to their financial departments. The attached file, disguised as an official document from the Ministry of Finance, contained a malicious DLL for the next attack stage.

The Deceptive PDF (Source: Fortinet)

The attack unfolded through a series of executable and dynamic link library (DLL) files. The ZIP file contained files that executed in a sequence: 20250109.exe, ApowerREC.exe, and lastbld2Base.dll.

“20250109.exe is a launcher originally used to execute the actual APowerREC.exe in ./app/ProgramFiles. The attacker created the same folder structure in the ZIP file and used a loader to replace ApowerREC.exe. The fake ApowerREC.exe does nothing but call a function imported from lastbld2Base.dll,” researchers explained in the blog post.

This DLL decrypts and executes shellcode, which contains configuration data including the command-and-control (C2) server address. The shellcode further implements optional features, such as permission escalation, anti-sandbox techniques (e.g. taking multiple screenshots to detect user activity, delaying execution if no user interaction was detected), and process window hiding. The malware downloads encrypted shellcode and the core Winos 4.0 module from the C2 server. This data was stored within the system’s registry for later decryption and execution.

The Attack Flow (Source: Fortinet)

The module initiates several malicious tasks, such as establishing persistence, bypassing UAC (User Account Control), collecting system information (including computer name, operating system version, and installing antivirus software), and disabling screen savers and power-saving features on the infected system.

In addition, the malware actively monitors and manipulates user activity. This includes capturing screenshots, logging keystrokes and clipboard contents (even connected USB devices with their insertion and removal logs), and modifying clipboard data based on predefined rules. It can also disable network connections for security software. Alternative attack chains were also observed, involving Python scripts and further shellcode injection techniques. These variations demonstrate the flexibility and adaptability of the Winos 4.0 framework.

Protecting yourself from sophisticated malware like Winos 4.0 requires being highly suspicious of unsolicited emails, especially those with attachments or links, avoiding opening compressed files (ZIP, RAR) attached to emails, as they are often used to deliver malware, and enabling real-time scanning to detect and block threats before they can infect your system.

“This attack follows a classic phishing pattern but with a fun twist around the trusted authority to invoke a reaction,” explains J. Stephen Kowski, Field CTO at SlashNext. “The threat actors cleverly exploit human psychology by creating urgency and curiosity, making recipients more likely to download malicious content.”

Beyond email security, Kowski highlights the importance of a multi-layered approach to defence. “Most organizations are now using managed file transfer systems that require registration and internal approval while simultaneously blocking zip attachments altogether. Combining user education with advanced threat detection technologies is key to stopping sophisticated social engineering attempts before they reach inboxes.”

Hackers Impersonate Taiwan’s Tax Authority to Deploy Winos 4.0 Malware

The Android app SafetyCore was silently installed and looks at incoming and outgoing pictures to check their decency.

Sometimes the updates we install to keep our devices safe do a little bit more than we might suspect at first glance. Take the October 2024 Android Security Bulletin.

It included a new service called Android System SafetyCore. If you can find a mention of that in the security bulletin, you’re a better reader then I am. It wasn’t until a few weeks later, when a Google security blog titled 5 new protections on Google Messages to help keep you safe revealed that one of the new protections was designed to introduce Sensitive Content Warnings for Google Messages.

Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and when an image that may contain nudity is about to be sent or forwarded, it will remind users of the risks of sending nude imagery and preventing accidental shares.

**Wait! What?**

Yes, there is now a service on my phone that checks whether your pictures are “decent enough” to send or share? I’m not oblivious to the many users that would be better off with such a service, but I’m not so sure they’d appreciate it.

However, what really concerned me is the fact that Google is looking at my incoming and outgoing pictures. I use end-to-end-encrypted (E2EE) messaging for a reason. The content is for me and the receiver, and no-one else, and that definitely includes Google.

But, again, no mention of SafetyCore in that blog or what will provide the Sensitive Content Warnings feature with the necessary data.

So, you can imagine the surprise and outrage when users found this service which doesn’t show up on the regular list of running applications that has permissions to do almost anything on the device.

And by looking up what this app called SafetyCore was all about, all of the above starts to make sense.

Google PlayStore says:

> “SafetyCore is a Google system service for Android 9+ devices. It provides the underlying technology for features like the upcoming Sensitive Content Warnings feature in Google Messages that helps users protect themselves when receiving potentially unwanted content. While SafetyCore started rolling out last year, the Sensitive Content Warnings feature in Google Messages is a separate, optional feature and will begin its gradual rollout in 2025. The processing for the Sensitive Content Warnings feature is done on-device and all of the images or specific results and warnings are private to the user.”

Google goes on to reassure:

*   The developer says that this app doesn’t collect or share any user data. 
*   The developer says that this app doesn’t share user data with other companies or organizations. 
*   The developer says that this app doesn’t collect user data.
*   The developer has committed to follow the Play Families policy for this app. 

Google promises that it only rates our pictures and does not collect or share them, but this feature has almost Artificial Intelligence (AI) written all over it. As we all know, an AI needs to be trained, and training an AI locally on your phone is hardly an option. I wish it had the necessary power, but it doesn’t.

I for one don’t see how the secretly installed service measures up to what the feature has to offer. But obviously everyone is entitled to their own opinion and the device is yours to do with as you please.

**How to uninstall or disable SafetyCore**

The good people at ZDNet provided instructions on how to get rid of SafetyCore or disable it if you would like to do so.

So, if you wish to uninstall or disable SafetyCore, take these steps:

1.  **Open Settings**: Go to your device’s Settings app
2.  **Access Apps**: Tap on ‘Apps’ or ‘Apps & Notifications’
3.  **Show System Apps**: Select ‘See all apps’ and then tap on the three-dot menu in the top-right corner to choose ‘Show system apps’
4.  **Locate SafetyCore**: Scroll through the list or search for ‘SafetyCore’ to find the app
5.  **Uninstall or Disable**: Tap on Android System SafetyCore, then select ‘Uninstall’ if available. If the uninstall option is grayed out, you may only be able to disable it
6.  **Manage Permissions**: If you choose not to uninstall the service, you can also check and try to revoke any SafetyCore permissions, especially internet access

Note: depending on the software version and manufacturer of your device, these instructions may be slightly off. I personally couldn’t test them because my Samsung has not received the October patch yet due to the patch gaps.

If you’d like to learn more about AI and encrypted messaging, we recommend listening to our podcast The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android happy to check your nudes before you forward them 

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to…

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to protect your assets with secure wallets and best practices.

Cryptocurrency has revolutionized finance forever, but it has also exposed users to cybercriminals and scams. From large-scale exchange breaches to malicious wallets sneaking into app stores, the risks are growing. If you’re in crypto, securing your assets is no longer optional; it’s a necessity.

****The Bybit Hack: A Wake-Up Call****

Just recently, Bybit, one of the world’s largest cryptocurrency exchanges, suffered a massive security breach. Hackers from the North Korean Lazarus Group managed to steal $1.4 billion in assets, once again proving that even well-established platforms are vulnerable. While Bybit has since taken action to reinforce security, this incident clearly shows why leaving funds on exchanges is a risk.

But, it’s not just ByBit. No exchange is “unhackable”. Even giants like Binance, KuCoin, and Mt. Gox have suffered devastating hacks in the past. These breaches highlight the importance of self-custody; if you don’t control your private keys, you don’t fully own your crypto.

****Malicious Wallets: A Silent but Growing Threat****

While exchange hacks grab headlines, a more stealthy and growing problem is the rise of fake and malicious crypto wallets on iOS and Google Play Store. These malicious apps pose as legitimate wallets but are designed to steal funds the moment users deposit their assets.

Researchers have found a surge in these fraudulent wallets, often disguised as clones of popular apps. They look identical to trusted wallets like MetaMask, Trust Wallet, or Coinbase Wallet, tricking unsuspecting users into transferring their funds straight to hackers.

This issue isn’t just limited to scam wallets, even some browser extensions and fake dApps have been caught injecting malicious scripts to drain wallets. The takeaway? Never download a crypto wallet without verifying its authenticity through the official website or developer page.

****A Booming Crypto Market Means More Targets for Hackers****

According to researchers at Best Wallet, a popular crypto wallet, as of January 2025, approximately 562 million people worldwide own cryptocurrencies, with 28% of adults in the United States, equating to 65 million people, holding crypto.

With such rapid adoption, hackers have more targets than ever. From phishing scams to SIM swap attacks, crypto theft is at an all-time high. If you own crypto, taking cybersecurity seriously is no longer an option, it’s a must.

****How to Protect Your Crypto From Hacks & Scams****

Securing your cryptocurrency is essential in an era of increasing cyber threats. Here are some must-follow security tips to protect your digital assets from hacks and scams.

****1\. Use a Reliable Crypto Wallet****

One of the safest ways to store your crypto is by using a self-custodial wallet. Avoid keeping funds on exchanges, as they are frequent targets for hackers. Instead, opt for hardware wallets like Ledger, Trezor, or Coldcard, which provide offline storage and enhanced security.

If you prefer a mobile or desktop wallet, stick to reputable providers such as MetaMask, Trust Wallet, or Exodus. However, before downloading any wallet, always verify the source; ensure it’s from the official website or developer page to avoid fake apps.

****2\. Enable Multi-Factor Authentication (MFA)****

Adding an extra layer of security with Multi-Factor Authentication (MFA) can protect your exchange and wallet accounts. Use Google Authenticator, YubiKey, or similar tools to prevent unauthorized access.

Avoid using SMS-based 2FA, as it’s vulnerable to SIM swap attacks, where hackers hijack your phone number to gain control of your accounts.

****3\. Beware of Phishing Attacks****

Phishing remains one of the most common tactics used by cybercriminals. Hackers often impersonate wallet providers or exchanges, tricking users into entering their credentials on fake websites or downloading malware-infected software.

To stay safe, always type the official website URL yourself instead of clicking on links sent via email or messages. If an offer or security alert seems suspicious, double-check with the official source before taking any action.

****4\. Keep Private Keys & Seed Phrases Offline****

Your private keys and seed phrases are the most critical elements of your crypto security. Never store them digitally or on cloud storage, as they can be easily compromised. Instead, write them down on paper and keep them in a secure location.

For even greater security, consider using metal backup storage instead of paper. This protects your seed phrase from damage due to fire, water, or physical deterioration.

****5\. Regularly Update Your Security Software****

Keeping your wallet software, antivirus, and operating system updated is crucial for patching security vulnerabilities. Cybercriminals exploit outdated software to gain access to systems, so regular updates help keep your assets safe.

Additionally, consider using privacy tools like VPNs and hardware firewalls to enhance your online security. These tools help protect against tracking, phishing attempts, and potential malware attacks targeting crypto users.

The Bybit hack and the rise of malicious crypto wallets show that crypto security is more critical than ever. If you own crypto, you’re a target, but with the right precautions, you can keep your funds safe.

Remember: Not your keys, not your crypto. Invest in a secure, reliable wallet, stay cautious with online downloads, and always double-check security measures before making transactions.

_**Editor’s Note:** This article is for informational purposes only and does not constitute investment or financial advice. Always do your own research before making financial decisions._

Tag

#ios