An alleged job scam, led by “Aiden” from “OpenAI,” recruited workers in Bangladesh for months before disappearing overnight, according to FTC complaints obtained by WIRED.

A Bangladeshi worker was eager to get started at their new OpenAI job—completing basic online tasks in exchange for consistent income, while getting into cryptocurrency investing at the same time. After connecting with the startup on Telegram and creating an account through a ChatGPT\-branded app, they invested crypto into the platform and began a months-long job working for “Aiden” from “OpenAI.”

The work was performed through the website “OpenAi-etc,” and internal conversations were held on Telegram. It was simple: Invest some crypto, complete a few tasks, and earn daily profits based on what was invested.

Over the course of this worker’s time with the company, mentors continuously encouraged them to invest more money into the fund and recruit more Bangladeshi people to the team. When the worker convinced over 150 to join and the mentors split the growing team of “brokers” into a hierarchy based on seniority, it all felt very real. The total crypto-investment fund for their team was around $50,000. After a devastating cyclone hit Bangladesh in May, company leaders supposedly helped those in need, further earning the trust of employees.

All seemed well until the morning of August 29, 2024, when everyone woke up to find that the website, all of their money, Aiden, and the other fake OpenAI employees had vanished overnight. The job, of course, was never with OpenAI at all, former workers say.

“I’ve seen similar scams where, at the beginning, you think you are making profit, and then basically you invest more and more,” says Shirin Nilizadeh, an associate professor at the University of Texas at Arlington who focuses on security and privacy. “Then, suddenly, you lose everything.”.

The story of the scammed “OpenAI” worker is from just one of 11 complaints about OpenAi-etc submitted to the US Federal Trade Commission by workers from Bangladesh last year, seven of which mention “Aiden.” Analysis of the complaints, obtained by WIRED through a public records request, reveal a potentially widespread job scam that used OpenAI’s name recognition to allegedly trick low-wage workers out of their savings. While some people describe getting started with OpenAi-etc in June or July, others believed they were working for the company for around six months.

The first FTC complaint obtained by WIRED, lodged over two months before the August 29 rug pull, says the complainant was invited by OpenAi-etc to invest around $170 in crypto. The person mentions an American registration number for the business, confirming it was in good standing with Colorado regulators and listing a physical office in Denver. The complaint also highlights a legitimate-looking money service business registered with the US Treasury’s Financial Crimes Enforcement Network, which lists the company’s location as an office inside the Empire State Building in New York City.

A WIRED review of domain name system records for the now-defunct OpenAi-etc website shows that it appears to have been hosted by a China-based web hosting company.

Jay Mayfield, a senior public affairs specialist at the FTC, declined WIRED’s request to confirm whether the group is looking into OpenAi-etc, saying that investigations are nonpublic. Mayfield did not answer additional questions about what steps the FTC is taking to prevent similar scams or provide better assistance for international victims.

“Regrettably, I found no available source online to know more about this organization except for those registrations,” wrote the complainant. “They are collecting huge amounts of investment from third world countries in Asia.”

One of the FTC complaints alleges that over 6,000 people in Bangladesh were potentially impacted by the OpenAi-etc job scam. The ages listed in the FTC complaints range from teenagers to people in their fifties, with locations spread across multiple Bangladesh cities, from Dhaka to Khulna.

“My next trading date was 29 August, 2024,” wrote another complainant. “I made the trade with my whole amount in the evening. But, suddenly, the OpenAI company vanished. I didn’t withdraw any money but lost both capital and profit. Now, I am in a great economic crisis, as I am a normal school teacher.”

Niko Felix, a spokesperson for OpenAI, declined to answer questions about whether the startup was previously aware of the “OpenAi-etc” scam, or if they planned to take action against the fraudsters. But he did share that OpenAI is investigating the matter. The alleged scam website is no longer available online, and WIRED was not able to contact the people behind "OpenAi-etc" prior to publication.

A Telegram spokesperson using the name Remi Vaughn tells WIRED that the company monitors its platform for scams, such as those allegedly carried out by OpenAi-etc, which used the messaging app to communicate with people who believed they were working for the company.

"Telegram actively moderates harmful content on its platform, including scams," Vaughn says in a statement sent to WIRED through the messaging platform. "Moderators empowered with custom Al and machine learning tools proactively monitor public parts of the platform and accept reports from users and organizations in order to remove millions of pieces of harmful content each day."

The usual pattern of a crypto job scam is to trick people into depositing some kind of digital currency into a fake account the victim believes they have control over, until the perpetrator drains it one day without warning. While this specific rug pull used OpenAI’s branding to allegedly dupe its victims, a crypto job scam can happen with the name of any company that has enough widespread recognition for criminals to capitalize on.

“These social engineering scams are designed to lower our natural suspicion and to make us complicit in our own deception,” says Arun Vishwanath, a cybersecurity expert and author of _The Weakest Link_. “For job scams, they try to turn our ambitions and inherent trust in brands into a vulnerability.” Similar to so-called pig butchering investment scams, a key component often includes direct messages over a long period of time to cultivate a sense of trust with the targets.

Although comparable job scams happen all over the world, Vishwanath believes that Asian cultural norms of so-called high power distance, where there’s more acceptance of interpersonal hierarchies, are a contributing factor. "Authorities are expected to ask you things and make you do things," he says. "And you just comply." Scammers are taking advantage of this by imitating authority figures and leaning into the sense of urgency inherent to searching for a job.

Bangladeshi citizens on the difficult hunt for reliable work have increasingly been targeted by job scammers in recent years. Lies about international job opportunities have left throngs of would-be workers stranded in Malaysia, and at least three cases of kidney organ theft were reported by people lured to India with false promises of work.

‘OpenAI’ Job Scam Targeted International Workers Through Telegram

In the epic US-Russian prisoner swap last summer, Vladimir Putin brought home an assassin, spies, and another prized ally: the man behind one of the biggest insider trading cases of all time.

This Russian Tech Bro Helped Steal $93 Million and Landed in US Prison. Then Putin Called

The stolen information included listed contacts, call logs, text messages, photos, and the device’s location.

A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. The app— known as “Finance Simplified”—belongs to the SpyLoan family which specializes in predatory lending.

Sometimes malware creators manage to get their apps listed in the official app store. This is a great benefit for them since it lends a sense of legitimacy to the app, and they don’t have to convince users to sideload the app from an unofficial site.

So, it gives them a much larger audience, they can lean on the trust we invest in the official app stores and users don’t have to do anything they might perceive as suspicious.

While Google has enhanced security measures in place—including AI-powered threat detection and real-time scanning— that are designed to detect and block malicious apps more effectively, the cat-and-mouse game between cybercriminals and security measures continues, with each side trying to outsmart the other.

In this case, the loan app evaded detection on Google Play, by loading a WebView to redirect users to an external website from where they could download the app hosted on an Amazon EC2 server.

Predatory lending is any lending practice where the borrower is taken advantage of by the lender. Predatory lenders impose lending terms that are unfair or abusive.

The apps in the SpyLoan family offer attractive loan terms with virtually no background checks. But when the apps are installed, they steal information from the victim’s device that can be used to blackmail the victim. Especially when they miss any payments on the loan.

Among the stolen information are listed contacts, call logs, text messages, photos, and the device’s location.

Although the app has now been removed from Google Play, it may continue to run on affected devices, collecting sensitive information in the background.

The researchers found that the app only targets users in India with the recommended loan applications and the redirect to an external website.

The information stolen from users could well be used for malicious purposes or sold to other cybercriminals.

Losing data related to a financial account can have severe consequences. If you find an app from this family or another information stealer on your device, there are a few guidelines to follow to limit the damage:

*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail 

A WIRED investigation goes inside the Telegram groups targeting women who joined “Are We Dating the Same Guy?” groups on Facebook with doxing, harassment, and sharing of nonconsensual intimate images.

In late January, a warning spread through the London-based Facebook group Are We Dating the Same Guy?—but this post wasn’t about a bad date or a cheating ex. A connected network of male-dominated Telegram groups had surfaced, sharing and circulating nonconsensual intimate images of women. Their justification? Retaliation.

On January 23, users in the AWDTSG Facebook group began warning about hidden Telegram groups. Screenshots and TikTok videos surfaced, revealing public Telegram channels where users were sharing nonconsensual intimate images. Further investigation by WIRED identified additional channels linked to the network. By scraping thousands of messages from these groups, it became possible to analyze their content and the patterns of abuse.

AWDTSG, a sprawling web of over 150 regional forums across Facebook alone, with roughly 3 million members worldwide, was designed by Paolo Sanchez in 2022 in New York as a space for women to share warnings about predatory men. But its rapid growth made it a target. Critics argue that the format allows unverified accusations to spiral. Some men have responded with at least three defamation lawsuits filed in recent years against members, administrators, and even Meta, Facebook’s parent company. Others took a different route: organized digital harassment.

Primarily using Telegram group data made available through Telemetr.io, a Telegram analytics tool, WIRED analyzed more than 3,500 messages from a Telegram group linked to a larger misogynistic revenge network. Over 24 hours, WIRED observed users systematically tracking, doxing, and degrading women from AWDTSG, circulating nonconsensual images, phone numbers, usernames, and location data.

From January 26 to 27, the chats became a breeding ground for misogynistic, racist, sexual digital abuse of women, with women of color bearing the brunt of the targeted harassment and abuse. Thousands of users encouraged each other to share nonconsensual intimate images, often referred to as “revenge porn,” and requested and circulated women’s phone numbers, usernames, locations, and other personal identifiers.

As women from AWDTSG began infiltrating the Telegram group, at least one user grew suspicious: “These lot just tryna get back at us for exposing them.”

When women on Facebook tried to alert others of the risk of doxing and leaks of their intimate content, AWDTSG moderators removed their posts. (The group’s moderators did not respond to multiple requests for comment.) Meanwhile, men who had previously coordinated through their own Facebook groups like “Are We Dating the Same Girl” shifted their operations in late January to Telegram's more permissive environment. Their message was clear: If they can do it, so can we.

"In the eyes of some of these men, this is a necessary act of defense against a kind of hostile feminism that they believe is out to ruin their lives," says Carl Miller, cofounder of the Center for the Analysis of Social Media and host of the podcast _Kill List_.

The dozen Telegram groups that WIRED has identified are part of a broader digital ecosystem often referred to as the manosphere, an online network of forums, influencers, and communities that perpetuate misogynistic ideologies.

“Highly isolated online spaces start reinforcing their own worldviews, pulling further and further from the mainstream, and in doing so, legitimizing things that would be unthinkable offline,” Miller says. “Eventually, what was once unthinkable becomes the norm.”

This cycle of reinforcement plays out across multiple platforms. Facebook forums act as the first point of contact, TikTok amplifies the rhetoric in publicly available videos, and Telegram is used to enable illicit activity. The result? A self-sustaining network of harassment that thrives on digital anonymity.

TikTok amplified discussions around the Telegram groups. WIRED reviewed 12 videos in which creators, of all genders, discussed, joked about, or berated the Telegram groups. In the comments section of these videos, users shared invitation links to public and private groups and some public channels on Telegram, making them accessible to a wider audience. While TikTok was not the primary platform for harassment, discussions about the Telegram groups spread there, and in some cases users explicitly acknowledged their illegality.

TikTok tells WIRED that its Community Guidelines prohibit image-based sexual abuse, sexual harassment, and nonconsensual sexual acts, and that violations result in removals and possible account bans. They also stated that TikTok removes links directing people to content that violates its policies and that it continues to invest in Trust and Safety operations.

Intentionally or not, the algorithms powering social media platforms like Facebook can amplify misogynistic content. Hate-driven engagement fuels growth, pulling new users into these communities through viral trends, suggested content, and comment-section recruitment.

As people caught notice on Facebook and TikTok and started reporting the Telegram groups, they didn’t disappear—they simply rebranded. Reactionary groups quickly emerged, signaling that members knew they were being watched but had no intention of stopping. Inside, messages revealed a clear awareness of the risks: Users knew they were breaking the law. They just didn’t care, according to chat logs reviewed by WIRED. To absolve themselves, one user wrote, “I do not condone im \[simply\] here to regulate rules,” while another shared a link to a statement that said: “I am here for only entertainment purposes only and I don’t support any illegal activities.”

Meta did not respond to a request for comment.

Messages from the Telegram group WIRED analyzed show that some chats became hyper-localized, dividing London into four regions to make harassment even more targeted. Members casually sought access to other city-based groups: “Who’s got brum link?” and “Manny link tho?”—British slang referring to Birmingham and Manchester. They weren’t just looking for gossip. “Any info from west?” one user asked, while another requested, “What’s her @?”— hunting for a woman’s social media handle, a first step to tracking her online activity.

The chat logs further reveal how women were discussed as commodities. “She a freak, I’ll give her that,” one user wrote. Another added, “Beautiful. Hide her from me.” Others encouraged sharing explicit material: “Sharing is caring, don’t be greedy.”

Members also bragged about sexual exploits, using coded language to reference encounters in specific locations, and spread degrading, racial abuse, predominantly targeting Black women.

Once a woman was mentioned, her privacy was permanently compromised. Users frequently shared social media handles, which led other members to contact her—soliciting intimate images or sending disparaging texts.

Anonymity can be a protective tool for women navigating online harassment. But it can also be embraced by bad actors who use the same structures to evade accountability.

"It’s ironic," Miller says. "The very privacy structures that women use to protect themselves are being turned against them."

The rise of unmoderated spaces like the abusive Telegram groups makes it nearly impossible to trace perpetrators, exposing a systemic failure in law enforcement and regulation. Without clear jurisdiction or oversight, platforms are able to sidestep accountability.

Sophie Mortimer, manager of the UK-based Revenge Porn Helpline, warned that Telegram has become one of the biggest threats to online safety. She says that the UK charity’s reports to Telegram of nonconsensual intimate image abuse are ignored. “We would consider them to be noncompliant to our requests,” she says. Telegram, however, says it received only “about 10 piece of content” from the Revenge Porn Helpline, “all of which were removed.” Mortimer did not yet respond to WIRED’s questions about the veracity of Telegram’s claims.

Despite recent updates to the UK’s Online Safety Act, legal enforcement of online abuse remains weak. An October 2024 report from the UK-based charity The Cyber Helpline shows that cybercrime victims face significant barriers in reporting abuse, and justice for online crimes is seven times less likely than for offline crimes.

"There’s still this long-standing idea that cybercrime doesn’t have real consequences," says Charlotte Hooper, head of operations of The Cyber Helpline, which helps support victims of cybercrime. "But if you look at victim studies, cybercrime is just as—if not more—psychologically damaging than physical crime."

A Telegram spokesperson tells WIRED that its moderators use “custom AI and machine learning tools” to remove content that violates the platform's rules, “including nonconsensual pornography and doxing.”

“As a result of Telegram's proactive moderation and response to reports, moderators remove millions of pieces of harmful content each day,” the spokesperson says.

Hooper says that survivors of digital harassment often change jobs, move cities, or even retreat from public life due to the trauma of being targeted online. The systemic failure to recognize these cases as serious crimes allows perpetrators to continue operating with impunity.

Yet, as these networks grow more interwoven, social media companies have failed to adequately address gaps in moderation.

Telegram, despite its estimated 950 million monthly active users worldwide, claims it’s too small to qualify as a “Very Large Online Platform” under the European Union’s Digital Service Act, allowing it to sidestep certain regulatory scrutiny. “Telegram takes its responsibilities under the DSA seriously and is in constant communication with the European Commission,” a company spokesperson said.

In the UK, several civil society groups have expressed concern about the use of large private Telegram groups, which allow up to 200,000 members. These groups exploit a loophole by operating under the guise of “private” communication to circumvent legal requirements for removing illegal content, including nonconsensual intimate images.

Without stronger regulation, online abuse will continue to evolve, adapting to new platforms and evading scrutiny.

The digital spaces meant to safeguard privacy are now incubating its most invasive violations. These networks aren’t just growing—they’re adapting, spreading across platforms, and learning how to evade accountability.

Inside the Telegram Groups Doxing Women for Their Facebook Posts

This week on the Lock and Code podcast… Insurance pricing in America makes a lot of sense so long as you’re...

_This week on the Lock and Code podcast…_

Insurance pricing in America makes a lot of sense so long as you’re one of the insurance companies. Drivers are charged more for traveling long distances, having low credit, owning a two-seater instead of a four, being on the receiving end of a car crash, and—increasingly—for any number of non-determinative data points that insurance companies use to assume higher risk.

It’s a pricing model that most people find distasteful, but it’s also a pricing model that could become the norm if companies across the world begin implementing something called “surveillance pricing.”

Surveillance pricing is the term used to describe companies charging people different prices for the exact same goods. That 50-inch TV could be $800 for one person and $700 for someone else, even though the same model was bought from the same retail location on the exact same day. Or, airline tickets could be more expensive because they were purchased from a more expensive device—like a Mac laptop—and the company selling the airline ticket has decided that people with pricier computers can afford pricier tickets.

Surveillance pricing is only possible because companies can collect enormous arrays of data about their consumers and then use that data to charge individual prices. A test prep company was once caught charging customers more if they lived in a neighborhood with a higher concentration of Asians, and a retail company was caught charging customers more if they were looking at prices on the company’s app while physically located in a store’s parking lot.

This matter of data privacy isn’t some invisible invasion online, and it isn’t some esoteric framework of ad targeting, this is you paying the most that a company believes you will, for everything you buy.

And it’s happening right now.

Today, on the Lock and Code podcast with host David Ruiz, we speak with Consumer Watchdog Tech Privacy Advocate Justin Kloczko about where surveillance pricing is happening, what data is being used to determine prices, and why the practice is so nefarious.  

“It’s not like we’re all walking into a Starbucks and we’re seeing 12 different prices for a venti mocha latte,” said Kloczko, who recently authored a report on the same subject. “If that were the case, it’d be mayhem. There’d be a revolution.”

Instead, Kloczko said:

> “Because we’re all buried in our own devices—and this is really happening on e-commerce websites and online, on your iPad, on your phone—you’re kind of siloed in your own world and companies can get away with this.”

Tune in today for the full conversation.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

 Surveillance pricing is &#8220;evil and sinister,&#8221; explains Justin Kloczko (Lock and Code S06E04) 

Payment Orchestration Platforms streamline transactions by routing payments through multiple providers, reducing costs, boosting approval rates, and enhancing…

Payment Orchestration Platforms streamline transactions by routing payments through multiple providers, reducing costs, boosting approval rates, and enhancing security.

****How Does Payment Orchestration Work?****

A Payment Orchestration Platform (POP) functions as an intelligent intermediary between merchants and multiple payment service providers (PSPs). It facilitates seamless payment transactions by dynamically selecting the best route for each payment, optimizing approval rates, reducing costs, and enhancing security.

By leveraging real-time analytics and machine learning, POPs improve transaction efficiency by identifying the most reliable and cost-effective payment pathway. Additionally, advanced security protocols, such as tokenization and AI-driven fraud detection, protect customer data. With payment orchestration, businesses can scale efficiently while maintaining high-security standards and minimizing transaction failures.

****Core Functions of Payment Orchestration Services****

According to Akurateco, a payment orchestration service, core functions of payment orchestration services offer several functions:

*   **Multi-Provider Connectivity**: Payment orchestration platforms seamlessly integrate with multiple PSPs, acquirers, and alternative payment methods. Instead of requiring businesses to establish individual connections, the platform offers a single integration point that enables access to various payment providers. This flexibility ensures firms can easily expand into new markets without undergoing extensive technical adjustments.

*   **Intelligent Transaction Routing**: Dynamic payment routing directs each transaction to the optimal payment provider based on predefined parameters such as transaction amount, geographical region, historical approval rates, and real-time risk assessment. Businesses can enhance approval rates and reduce unnecessary payment processing fees by routing transactions through the most reliable and cost-effective channels.

*   **Security & Compliance**: Security remains a top priority in digital transactions. Payment orchestration platforms employ multiple layers of protection, including:
    *   **Tokenization and encryption** to safeguard sensitive payment information.
    *   **AI-powered fraud detection** to identify and mitigate suspicious transactions in real-time.
    *   **Multi-factor authentication (MFA)** for added security.
    *   **Compliance with global regulations,** such as PCI DSS 3.2 and GDPR, ensures businesses meet legal and industry standards.

*   **Automated Retry & Failover Mechanisms**: If a transaction fails due to provider issues, a Payment Orchestration Platform automatically retries the transaction with an alternative acquirer or PSP. This ensures continuity in payment processing, minimizes failed transactions and improves overall revenue retention. The automated failover mechanism is particularly beneficial for subscription-based businesses and eCommerce merchants, where transaction reliability directly impacts customer experience and retention rates.

*   **Real-Time Analytics & Reporting**: Payment orchestration platforms provide businesses with actionable insights through advanced analytics dashboards. Companies can track approval rates, monitor payment trends, and identify cost-saving opportunities in real time. This level of transparency allows merchants to optimize their financial strategies and make data-driven decisions to improve profitability.

****Business Benefits of Payment Orchestration****

*   **Increased Approval Rates**: By leveraging intelligent transaction routing and failover mechanisms, payment orchestration platforms significantly improve approval rates. Payments are directed to providers with the highest probability of success, reducing declines and enhancing customer satisfaction.

*   **Lower Payment Processing Costs**: Businesses can minimize transaction fees by selecting the most cost-effective payment service providers for each transaction. Competitive acquirer selection helps reduce unnecessary expenses, ultimately increasing profitability.

*   **Faster Market Expansion**: Supporting multiple payment providers and localized payment methods allows businesses to enter new markets without the technical challenges of integrating with multiple PSPs. This accelerates global expansion and ensures a seamless payment experience for international customers.

*   **Enhanced Customer Experience**: A smooth, frictionless payment process improves the overall customer journey. Businesses can foster trust and long-term customer relationships with reduced transaction failures, secure payments, and support for various payment options.

****Akurateco: A Leader in Payment Orchestration****

Akurateco is a cutting-edge white-label Payment Orchestration Platform designed to simplify and optimize payment processing. Offering strong fraud prevention, multi-acquirer support, and advanced analytics, Akurateco helps businesses manage their transactions efficiently and securely.

****Why Businesses Trust Akurateco****

*   **Smart Routing & AI Optimization** – Advanced algorithms analyze transaction patterns and direct payments to the most successful processing routes, improving approval rates and minimizing costs.

*   **Global Payment Method Support** – Seamless integration with leading international and local PSPs ensures businesses can accept payments across diverse markets without additional complexity.

*   **Advanced Fraud Prevention** – AI-powered fraud detection and risk assessment tools minimize fraudulent activities, protecting both businesses and customers.

*   **Scalable & Customizable Solutions** – Whether a startup or an enterprise, Akurateco offers tailored solutions that adapt to unique business needs, ensuring maximum flexibility and scalability.

*   **Seamless Integration & Real-Time Reporting** – The platform provides a single integration point, reducing technical overhead while offering comprehensive transaction insights to drive informed business decisions.

****Final Thoughts****

Adopting a Payment Orchestration Platform is crucial for businesses looking to simplify payment processing, reduce costs, and increase revenue. By consolidating payment providers, automating transaction routing, and enhancing security, payment orchestration platforms empower businesses to achieve seamless financial operations.

A leading provider like Akurateco offers innovative and secure payment solutions that enable companies to unlock new growth opportunities while ensuring reliable and secure transactions. Businesses that invest in payment orchestration today will be well-positioned to succeed in the competitive digital market of tomorrow.

Featured Image via Pixabay/Megan RX

How Payment Orchestration Enhances Business Efficiency

Crypto wallets are essential in keeping your cryptocurrency safe. There are different types of wallets available and choosing…

Crypto wallets are essential in keeping your cryptocurrency safe. There are different types of wallets available and choosing one can be confusing for so many investors. The three commonly used are mobile, desktop, and hardware wallets. 

Mobile and desktop wallets are called hot wallets, which means they are connected to the internet. Hardware wallets, on the other hand, are cold and thus don’t require Wi-Fi. However, all these wallets are non-custodial. You have the full responsibility of protecting your keys.

In this article, we will look at mobile, desktop, and hardware wallets to help you determine the best option for your investment. 

****Hardware Wallet****

Hardware crypto wallets offer offline protection. These are physical devices used to store your private keys. Since they are not connected to the internet or any other devices, hardware wallets are typically considered more secure, but they can be a little complicated to use. 

Modern hardware wallets are more refined. For example, if we look at the Tangem wallet review, you will learn that these devices are designed similarly to modern credit cards and use smartphone displays, making them convenient to carry around. 

Hardware wallets are ideal for large investments since they are highly secure and less susceptible to online attacks. It is best to buy these wallets from authorized dealers or the main company to avoid getting a counterfeit one. 

****Mobile Wallets****

Mobile crypto wallets are apps you can download on your phone to manage your cryptocurrency. It can be on your main phone or another mobile device. These wallets are very portable, enabling you to make transactions on the go. Most mobile wallets have a PIN and a recovery phrase to increase security. 

The major downside is walking around with your wallet is risky. You can easily lose your phone, which makes your wallet vulnerable to hacking. However, some people are adopting to use of a second phone as their mobile wallet which is more secure. The phone is often disconnected from WiFi and may even not include a plan. You only switch it on when making a transaction. 

Generally, mobile wallets are ideal for people who use crypto often, especially in small transactions. It is also a good option for beginners who don’t have a large investment. 

****Desktop Crypto Wallets****

Desktop wallets are software or programs you can install on your computer. Most wallets are compatible with common operating systems like Windows, Linux, and Mac. These are very similar to desktop wallets but some providers offer extra advantages. 

For example, some software wallets allow you to keep your keys offline on a USB drive, essentially functioning like hybrid crypto wallets. Desktop wallets are more secure than mobile ones but are not portable since it is not quite convenient to carry your desktops everywhere. 

The main risk is that if your device gets infected by a virus or malware, your crypto could be jeopardized. Desktop wallets are a good alternative for anyone looking for a secure wallet that is not for everyday use.

****Conclusion****

Choosing the best crypto wallet depends on your use and the size of the investment. For those who use crypto daily, mobile wallets are the best choice. If you want a foolproof, secure wallet, opt for hardware. However, if you are using browser-generated wallets watch out for security vulnerabilities like Randstorm which is currently impacting billions in crypto assets worldwide.

1.  Benefits of Using an Anonymous Bitcoin Wallet
2.  Biggest Crypto Scam Tactics and How to Avoid Them
3.  Power Plants to eWallets: ZTNA’s Role in the Gig Economy
4.  Study Finds AI Guesses Crypto Seed Phrases in 0.02 Seconds
5.  The Growing Importance of Secure Crypto Payment Gateways

Hardware Crypto Wallets vs. Mobile vs. Desktop: Which Should You Choose?

Bitdefender warns CS2 fans of scams using hijacked YouTube channels, fake giveaways, and crypto fraud. Protect your Steam account and avoid phishing traps.

Bitdefender Labs has uncovered a series of scams targeting the Counter-Strike 2 (CS2) community, exploiting major esports events like IEM Katowice 2025 and PGL Cluj-Napoca 2025.

According to Bitdefender’s investigation, shared with Hackread.com, cybercriminals are hijacking YouTube channels and impersonating popular professional players such as s1mple, NiKo, and donk to trick fans into fraudulent giveaways. These scams have several stages and aim to steal Steam accounts, cryptocurrency, and valuable in-game items.

First, scammers hack YouTube accounts, often those with established subscriber bases.  They then rebrand these channels to mimic well-known CS2 pros, removing original content.  

Next, they broadcast fake livestreams, using looped gameplay footage to create the illusion of a live event. These fake streams promote fake giveaways of CS2 skins, cases, or cryptocurrency, often using QR codes or malicious links to direct viewers to malicious websites. 

Fake CS2 impersonations, fraudulent skin giveaways, and hacked YouTube channels streaming deceptive livestreams (Source: Bitdefender).

These websites prompt victims to either log in with their Steam accounts, leading to inventory theft, or send cryptocurrency with promises of doubled returns, resulting in direct theft of digital assets. To appear more legitimate, scammers often post about the fake giveaways in the community section of the hijacked channel, disabling comments except for their own deceptive messages.

Bitdefender’s report found that scammers are also running cryptocurrency-doubling schemes. In these scams, they entice victims to send Bitcoin or Ethereum with the promise of doubling their investment. These schemes often use fake endorsements from CS.MONEY or professional players, falsely advertising substantial prize pools.

Some red flags include promises of doubling deposits, requests to send cryptocurrency up front, and a lack of verifiable association with legitimate esports organizations. These scams are strategically timed to coincide with major esports events like IEM Katowice and PGL Cluj-Napoca to maximize their reach.

“Scammers, tactics are evolving to exploit the hype surrounding major esports events. Whether they are stealing Steam inventories or cryptocurrency deposits, their goal is always financial gain at the expense of unsuspecting players. If there’s one thing gamers should remember is that in the world of CS2 and esports, nothing valuable comes for free!” they concluded.

Therefore, gamers should verify YouTube channels’ legitimacy by checking for content beyond livestreams and recent uploads and avoid clicking on suspicious links and QR codes. They also advise against CS2 giveaways, as legitimate ones are rare and typically hosted by official esports organizations.

Bitdefender also warns content creators, including those streaming esports and CS2, about potential phishing threats. Moreover, to protect your Steam account, enable Steam Guard Mobile Authenticator and Steam’s Multi-Factor Authentication. Regularly review login activity for unauthorized access, report suspicious activity or livestreams to YouTube and warn other gaming communities. 

1.  **Hackers Using Fake YouTube Links to Steal Login Data**
2.  **Malware in Fake Business Proposals Hits YouTube Creators**
3.  **New YouTube phishing scam using authentic email address**
4.  **“Get Paid to Like Videos” YouTube Scam Leads to Empty Wallets**
5.  **Hacked YouTube Channels Use Trump Assassination for Crypto Scam**

Hackers Hijack YouTube Channels to Target CS2 Fans with Fake Giveaways

### Impact
Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable.

### Patches
This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1.

### Workarounds
[This line](https://github.com/xwiki/xwiki-platform/blob/568447cad5172d97d6bbcfda9f6183689c2cf086/xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-ui/src/main/resources/Main/SolrSearchMacros.xml#L955) in `Main.SolrSearchMacros` can be edited to match the `rawResponse` macro defined [here](https://github.com/xwiki/xwiki-platform/blob/67021db9b8ed26c2236a653269302a86bf01ef40/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/macros.vm#L2824) with a content type of `application/xml`, instead of simply outputting the content of the feed.

### References

* https://jira.xwiki.org/browse/XWIKI-22149
* https://github.com/xwiki/xwiki-platform/commit/67021db9b8ed26c2236a653269302a86bf01ef40

### Attribution
This vulnerability has been reported by John Kwak for Trend Micro's Zero Day Initiative.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-rr6p-3pfg-562j: XWiki Platform allows remote code execution as guest via SolrSearchMacros request

William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.

Thursday, February 20, 2025 14:02

Welcome to this week’s edition of the Threat Source newsletter. 

 Benjamin Franklin once said, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." In much the same way, those who rush for efficiency without taking into account security end up neither efficient nor secure.  

The past week the Department of Government Efficiency (or DOGE) has put on a clinic of how not to do things. For example, the Doge.gov website was easily and immediately compromised. Researchers were able to push updates to the public website via access to a database of government employment information. Not to be outdone the DOGE team hastily stood up the Waste.gov website which still had a placeholder Wordpress default template, including the sample text which features an imaginary architecture firm called Études, from a default WordPress theme called Twenty Twenty-Four. This slapdash nonsense was hidden behind a password wall after the research information became public.  

It’s really an excellent lesson in what happens when security is not taken into account and the instant ramifications. As an entire infosec community we’ve talked at length about how baking security into every decision is incredibly important and that trying to bolt on fixes after the fact not only doesn’t work but highlights the lack of rigor and awareness of security in the room - creating an attractive target.

Let’s take a deep breath, take a moment to create a more secure process, follow those processes, and ensure security is in place at every step - then we can attack matters of efficiency.  

**The one big thing **

Cisco Talos has published a blog on the ongoing research into Salt Typhoon. Cisco Talos been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, an issue that we have been concerned with for a long time here at Talos. The activity, initially reported in late 2024 and later confirmed by the U.S. government, is being carried out by a highly sophisticated threat actor dubbed Salt Typhoon.  

A hallmark of this campaign is the use of living-off-the-land (LOTL) techniques on network devices. It is important to note that while the telecommunications industry is the primary victim, the advice contained herein is relevant to, and should be considered by, all infrastructure defenders. 

**Why do I care? **

State sponsored actors have been aggressively targeting global network infrastructure and understanding and mitigating these actions will help you improve your network infrastructure resilience. 

**So now what? **

Cisco Talos has released an extensive list of preventative measures for general and Cisco-specific devices which can be found in the Salt Typhoon blog post.  

**Top security headlines of the week **

Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks. (TechCrunch)  

Security researchers warn a critical vulnerability in SonicWall’s SonicOS is under active exploitation.(CyberSecurityDrive) 

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. (TheHackerNews) 

**Can’t get enough Talos? **

*   Talos Vulnerability Research: ClearML and NVIDIA 
*   Vulnerability Deep Dive: Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t 

**Upcoming events where you can find Talos **

RSA (April 28-May 1, 2025)   
 San Francisco, CA 

CTA TIPS 2025 (May 14-15, 2025)    
Arlington, VA 

**Most prevalent malware files from Talos telemetry over the past week  **

SHA 256:7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5  MD5: ff1b6bb151cf9f671c929a4cbdb64d86     
VirusTotal : https://www.virustotal.com/gui/file/7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5   
Typical Filename: endpoint.query  
Claimed Product: Endpoint-Collector   
Detection Name: W32.File.MalParent     

SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91     
MD5: 7bdbd180c081fa63ca94f9c22c457376    
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details%C2%A0   
Typical Filename: c0dwjdi6a.dll    
Claimed Product: N/A  
Detection Name: Trojan.GenericKD.33515991 

SHA 256:9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507   
MD5: 2915b3f8b703eb744fc54c81f4a9c67f   
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507   
Typical Filename: VID001.exe   
Detection Name: Simple\_Custom\_Detection 

SHA 256: 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca  
MD5: 71fea034b422e4a17ebb06022532fdde  
VirusTotal: https://www.virustotal.com/gui/file/47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca   
Typical Filename: VID001.exe  
Claimed Product: N/A  
Detection Name: Coinminer:MBT.26mw.in14.Talos

Tag

#mac