It’s not surprising when the guy who’s been yelling about the horrors of late-stage capitalism on Instagram for the last five years turns his ire towards ICE. But something different has been happening over the week or so, following the most recent shootings of civilians by federal agents — even accounts that stay laser focused on golfing, chopping wood, and playing cats like bongos have started to speak out.
Technology
Beware of fake Reddit solutions delivering dangerous malware
Sometimes, when you need an answer to a complex life situation or a way to troubleshoot an error on your computer, regular articles on the web don’t help. Some issues are so niche that no one writes about them, and those who do often say nothing useful in 1,000 words.
In these cases, adding Reddit to your search query can be a game changer. Nine times out of 10, someone on Reddit has faced the same issue, and there’s probably a solution.
But bad actors have caught on to this, too. They’re now mimicking Reddit to spread malware that can steal your personal information.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Reddit app on home screen of smartphone (Kurt “CyberGuy” Knutsson)
What you need to know about fake Reddit pages
Hackers are distributing nearly 1,000 fake websites mimicking Reddit and WeTransfer to spread the Lumma Stealer malware. These sites are designed to trick you into downloading malicious software by imitating legitimate discussions and file-sharing services.
On these fake Reddit pages, attackers create a fabricated discussion where one user asks for help downloading a tool, another offers a WeTransfer link and a third expresses gratitude to make the exchange seem real. Clicking the link redirects victims to a counterfeit WeTransfer site, where the download button delivers the Lumma Stealer malware.
All these fake pages have the following things in common:
- The websites include a brand name (like “Reddit” or “WeTransfer”) followed by random characters to appear legitimate at first glance
- They use “.org” or “.net” domains instead of the official one, which is “.com”
- The interface closely mimics the real sites to deceive users
These fake websites were discovered by Sekoia researcher crep1x, who compiled a full list of the pages involved in the scheme. In total, 529 of these sites mimic Reddit, while 407 impersonate WeTransfer to trick users into downloading malware.
According to BleepingComputer, hackers may be driving traffic to these fake pages through methods like malicious ads (malvertising), search engine manipulation (SEO poisoning), harmful websites, direct messages on social media and other deceptive tactics.
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
The dangers of info-stealer malware
Hackers are using fake Reddit pages to spread Lumma Stealer, a powerful malware designed to steal personal data while staying under the radar. Once it infects a device, it can grab passwords stored in web browsers and session tokens, allowing attackers to hijack accounts without even needing a password.
But Reddit isn’t the only way this malware spreads. Hackers also push it through GitHub comments, deepfake websites and shady online ads. Once they steal login credentials, they often sell them on hacker forums, where others can use them for further attacks.
This type of malware has already played a role in major security breaches, including attacks on PowerSchool, Hot Topic, CircleCI and Snowflake. It’s a growing threat, especially for companies that rely on password-based security.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
Illustration of a hacker at work
BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS
6 ways to protect yourself from info-stealing malware
1. Be cautious with download links: Avoid downloading files from random Reddit discussions, social media messages or unfamiliar websites. If an unknown user shares the link or seems out of place in the context, it’s better to err on the side of caution. If the link is directing you to a file-sharing site like WeTransfer or Google Drive, double-check the URL for any signs of manipulation—like random characters added to the domain name.
2. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware originating from these Reddit discussions, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3. Verify website URLs: Fake websites often look convincing but have slight differences in their URLs. Check for misspellings, extra characters or unusual domains (e.g., “.org” or “.net” instead of the official “.com”).
4. Use strong, unique passwords and enable 2FA: A password manager can help generate and store strong passwords for each site. Meanwhile, enabling two-factor authentication (2FA) adds an extra layer of security, making it harder for attackers to hijack your accounts. Get more details about my best expert-reviewed Password Managers of 2025 here.
5. Keep your software updated: Regularly update your operating system, apps, browsers and other software on your PC or mobile devices. Updates often include patches for security vulnerabilities that hackers can exploit.
6. Watch out for malvertising and SEO traps: Hackers manipulate search engine results and run deceptive ads to trick users into visiting fake sites. Stick to official sources and avoid clicking on ads or search results that seem too good to be true.
HOW TO FIGHT BACK AGAINST DEBIT CARD HACKERS WHO ARE AFTER YOUR MONEY
Kurt’s key takeaway
Hackers are getting sneakier, using fake Reddit and WeTransfer pages to spread dangerous malware like Lumma Stealer. These sites might look real, but they’re designed to steal your personal info. To stay safe, always double-check links and be cautious about downloading files from unfamiliar sources. Use strong, unique passwords, enable two-factor authentication and keep your software updated to stay one step ahead of cybercriminals.
Have you ever encountered a suspicious link on Reddit or social media? How did you handle it? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
The tenor on social media and Reddit took an even sharper turn yesterday, following the killing of Alex Pretti by ICE. Even the moderator of normally politics-free r/catbongos (a subreddit “Where gentlemen, gentlewomen, and gentlethems of quality gather to watch cats being played like bongos”) spokeout in a post where they declared that “If you still support Trump/ICE even slightly, you’re not welcome in this sub.”
That quilters on Instagram or a Facebook account dedicated to New England gravestones have decided enough, is enough, is one thing. But, judging from the comments, it seems like the government has lost the support of r/military as well. The subreddit is filled with angry posters decrying that “this is exactly what tyranny looks like” and sharing memes mocking Secretary of Defense Pete Hegseth. One poster claiming to be an active member of the U.S. Army who has served for 21 years said, “these guys are against all we stand for as Americans. Modern day brownshirts.”
All across Reddit, subs are being inundated with anti-ICE posts. From r/Fauxmoi, to r/NFCNorthMemeWar, and r/DungeonCrawlerCarl. There’s even been some limited signs of revolt among the members of r/conservative, some of whom have taken issue with Kristi Noem’s description of Alexi Pretti as a “domestic terrorist,” and suggested that she should “just be quiet for a while.” And arguments have broken out among community members over perceived hypocrisy around the Second Amendment.
Some big names have also joined the chorus, including Joe Santagato of The Basement Yard podcast, who posted that what was occurring on the streets of Minneapolis was “legit horrifying.” And when someone told him to “Stay out of politics,” and “get back to spitting water out of your mouth and de-jumbling words with your idiot friends.” He shot back, “De-jumble this: ksuc ym slalb.”
Canadian wrestlers and social media influencers Chris and Patrick Vörös have spoken out previously about their anti-ICE views, but took the opportunity to remind people of the only two ICE agents they support. Educational YouTube channel Primer also took to X to say this is no longer about politics, but about the “fabric of society.”
Canadian musician bbno$ decided to break his silence, even if it risked his visa and his current U.S. tour, to throw his support behind the abolish ICE movement. Even Thoren Bradley, the Axe Man himself, whose whole schtick is being a ripped rural dude who chops wood, has decided to call out the hypocrisy of the Christian conservatives to his 10.7 million followers.
That creators like Hank Green are speaking out is no surprise. But when fitness influencers, duck-painting TikTokers, football subreddits, and even Second Amendment rights activists have finally broken their silence, it seems like the government has lost control of the narrative. No matter how hard they try to spin it.
Let us know in the comments what other creators and communities have begun to speakout in the comments.
Updated January 25th: Added additional information about Reddit communities.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
NEWYou can now listen to Fox News articles!
Google designed Fast Pair to make Bluetooth connections fast and effortless. One tap replaces menus, codes and manual pairing. That convenience now comes with serious risk. Security researchers at KU Leuven uncovered flaws in Google’s Fast Pair protocol that allows silent device takeovers. They named the attack method WhisperPair. An attacker nearby can connect to headphones, earbuds or speakers without the owner knowing. In some cases, the attacker can also track the user’s location. Even more concerning, victims do not need to use Android or own any Google products. iPhone users are also affected.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
APPLE WARNS MILLIONS OF IPHONES ARE EXPOSED TO ATTACK
Fast Pair makes connecting Bluetooth headphones quick, but researchers found that some devices accept new pairings without proper authorization. (Kurt “CyberGuy” Knutsson)
What WhisperPair is and how it hijacks Bluetooth devices
Fast Pair works by broadcasting a device’s identity to nearby phones and computers. That shortcut speeds up pairing. Researchers found that many devices ignore a key rule. They still accept new pairings while already connected. That opens the door to abuse.
Within Bluetooth range, an attacker can silently pair with a device in about 10 to 15 seconds. Once connected, they can interrupt calls, inject audio or activate microphones. The attack does not require specialized hardware and can be carried out using a standard phone, laptop, or low-cost device like a Raspberry Pi. According to the researchers, the attacker effectively becomes the device owner.
Audio brands affected by the Fast Pair vulnerability
The researchers tested 17 Fast Pair compatible devices from major brands, including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech and Google. Most of these products passed Google certification testing. That detail raises uncomfortable questions about how security checks are performed.
How headphones can become tracking devices
Some affected models create an even bigger privacy issue. Certain Google and Sony devices integrate with Find Hub, which uses nearby devices to estimate location. If a headset has never been linked to a Google account, an attacker can claim it first. That allows continuous tracking of the user’s movements. If the victim later receives a tracking alert, it may appear to reference their own device. That makes the warning easy to dismiss as an error.
GOOGLE NEST STILL SENDS DATA AFTER REMOTE CONTROL CUTOFF, RESEARCHER FINDS
Attacker’s dashboard with location from the Find Hub network. (KU Leuven)
Why many Fast Pair devices may stay vulnerable
There is another problem most users never consider. Headphones and speakers require firmware updates. Those updates usually arrive through brand-specific apps that many people never install. If you never download the app, you never see the update. That means vulnerable devices could remain exposed for months or even years.
The only way to fix this vulnerability is by installing a software update issued by the device manufacturer. While many companies have released patches, updates may not yet be available for every affected model. Users should check directly with the manufacturer to confirm whether a security update exists for their specific device.
Why convenience keeps creating security gaps
Bluetooth itself was not the problem. The flaw lives in the convenience layer built on top of it. Fast Pair prioritized speed over strict ownership enforcement. Researchers argue that pairing should require cryptographic proof of ownership. Without it, convenience features become attack surfaces. Security and ease of use do not have to conflict. But they must be designed together.
Google responds to the Fast Pair WhisperPair security flaws
Google says it has been working with researchers to address the WhisperPair vulnerabilities and began sending recommended patches to headphone manufacturers in early September. Google also confirmed that its own Pixel headphones are now patched.
In a statement to CyberGuy, a Google spokesperson said, “We appreciate collaborating with security researchers through our Vulnerability Rewards Program, which helps keep our users safe. We worked with these researchers to fix these vulnerabilities, and we have not seen evidence of any exploitation outside of this report’s lab setting. As a best security practice, we recommend users check their headphones for the latest firmware updates. We are constantly evaluating and enhancing Fast Pair and Find Hub security.”
Google says the core issue stemmed from some accessory makers not fully following the Fast Pair specification. That specification requires accessories to accept pairing requests only when a user has intentionally placed the device into pairing mode. According to Google, failures to enforce that rule contributed to the audio and microphone risks identified by the researchers.
To reduce the risk going forward, Google says it updated its Fast Pair Validator and certification requirements to explicitly test whether devices properly enforce pairing mode checks. Google also says it provided accessory partners with fixes intended to fully resolve all related issues once applied.
On the location tracking side, Google says it rolled out a server-side fix that prevents accessories from being silently enrolled into the Find Hub network if they have never been paired with an Android device. According to the company, this change addresses the Find Hub tracking risk in that specific scenario across all devices, including Google’s own accessories.
Researchers, however, have raised questions about how quickly patches reach users and how much visibility Google has into real-world abuse that does not involve Google hardware. They also argue that weaknesses in certification allowed flawed implementations to reach the market at scale, suggesting broader systemic issues.
For now, both Google and the researchers agree on one key point. Users must install manufacturer firmware updates to be protected, and availability may vary by device and brand.
SMART HOME HACKING FEARS: WHAT’S REAL AND WHAT’S HYPE
Unwanted tracking notification showing the victim’s own device. (KU Leuven)
How to reduce your risk right now
You cannot disable Fast Pair entirely, but you can lower your exposure.
1) Check if your device is affected
If you use a Bluetooth accessory that supports Google Fast Pair, including wireless earbuds, headphones or speakers, you may be affected. The researchers created a public lookup tool that lets you search for your specific device model and see whether it is vulnerable. Checking your device is a simple first step before deciding what actions to take. Visit whisperpair.eu/vulnerable-devices to see if your device is on the list.
2) Update your audio devices
Install the official app from your headphone or speaker manufacturer. Check for firmware updates and apply them promptly.
3) Avoid pairing in public places
Pair new devices in private spaces. Avoid pairing in airports, cafés or gyms where strangers are nearby.
4) Factory reset if something feels off
Unexpected audio interruptions, strange sounds or dropped connections are warning signs. A factory reset can remove unauthorized pairings, but it does not fix the underlying vulnerability. A firmware update is still required.
5) Turn off Bluetooth when not needed
Bluetooth only needs to be on during active use. Turning off Bluetooth when not in use limits exposure, but it does not eliminate the underlying risk if the device remains unpatched.
6) Reset secondhand devices
Always factory reset used headphones or speakers before pairing them. This removes hidden links and account associations.
7) Take tracking alerts seriously
Investigate Find Hub or Apple tracking alerts, even if they appear to reference your own device.
8) Keep your phone updated
Install operating system updates promptly. Platform patches can block exploit paths even when accessories lag behind.
Kurt’s key takeaways
WhisperPair shows how small shortcuts can lead to large privacy failures. Headphones feel harmless. Yet, they contain microphones, radios and software that need care and updates. Ignoring them leaves a blind spot that attackers are happy to exploit. Staying secure now means paying attention to the devices you once took for granted.
Should companies be allowed to prioritize fast pairing over cryptographic proof of device ownership? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Steven Garcia, as told to Gaby Del Valle:
I was in the middle of a frozen lake when I got the notification from the Minnesota Star Tribune that there had been a shooting. I was on assignment at a pond hockey event, and someone who was supposed to play later that evening said he probably wouldn’t be able to make it — they knew there would be protests and demonstrations happening.
I arrived a little over three hours later. Federal officers had already cleared the scene — the FBI had been there investigating — so the only law enforcement present were state and local officials: the Minneapolis Police Department, their SWAT team, the Hennepin County Sheriff’s Office, and the Minnesota State Patrol.
There were protesters at multiple intersections. People had blocked off the streets with trash cans and dumpsters, and there were mattresses on the ground. Protesters were heckling officers, but there were no physical altercations. Eventually law enforcement retreated by a block and started throwing tear gas. They drove their trucks over the mattresses as they left.
When those tear gas canisters go off, they pop and bang, kind of like a firework. Dozens of canisters were going off. Even initially, there were four, five, six canisters at a time that they were throwing. I had to duck in an alley for a little bit because it got through my mask. It’s not a fun experience, even in very small amounts. You have to keep your eyes closed. It burns your eyes, it burns your mouth. For some people, it causes nausea and burning on the skin. Another local reporter told me his neck was burning and he had to use a decon wipe.
I think because of George Floyd in 2020, people knew how to respond. Gregory Bovino, the head of the US Border Patrol who has been here the whole time, has said community members in Minneapolis are really prepared. A lot of people I’ve talked to have said, “I had my respirator ready from 2020,” and they just restocked on safety supplies, decon wipes, and first aid kits. Even if they weren’t immediately prepared, they could rapidly respond to these kinds of events. At all the events I’ve been to, people will set a table to hand out food and water and hand warmers. It was especially cold today — it wasn’t supposed to get above 0 degrees.
After the officers cleared the scene, everyone convened at the intersection of 26th and Nicolette, just a couple hundred feet from where Alex Pretti was shot. Some community members started a makeshift vigil for him at the location where he was killed. People were spelling his name out with pinecones and starting to leave flowers.
North Dakota5 minutes ago
IC West’s Ethan Headings flips from Iowa football to North Dakota
Ohio11 minutes ago
Winter Storm Fern covers Northeast Ohio in steady waves of snow
Oklahoma17 minutes ago
Oklahoma schools and churches close following winter storm
Oregon23 minutes ago
Car catches fire on Oregon highway following 5-vehicle crash
Pennsylvania29 minutes ago
Restrictions in place for vehicles on Pennsylvania Interstates
Florida1 year ago
Florida High School Football Rankings: Top 25 teams – Oct. 21
Connecticut2 years ago
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
Oregon2 years ago
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Virginia2 years ago
99th annual Pony Swim held in Virginia
Indiana1 year ago
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Politics4 hours ago
Dems silent on Minnesota church disruption after pressing Bondi to use FACE Act on pro-lifers
World5 hours ago
Green electricity: Which EU countries are using the most?
News5 hours ago
Philadelphia snow updates: Latest forecast, storm timing, travel impact and more
News15 hours ago
Timeline: How the Shooting of Alex Jeffrey Pretti Unfolded
Politics16 hours ago
GOP Sen. Cassidy breaks with Trump over deadly shooting by Border Patrol agent in Minneapolis
-
Sports1 week agoMiami’s Carson Beck turns heads with stunning admission about attending classes as college athlete
-
Illinois3 days agoIllinois school closings tomorrow: How to check if your school is closed due to extreme cold
-
Pittsburg, PA6 days agoSean McDermott Should Be Steelers Next Head Coach
-
Politics1 week agoNoem names Charles Wall ICE deputy director following Sheahan resignation
-
Lifestyle7 days agoNick Fuentes & Andrew Tate Party to Kanye’s Banned ‘Heil Hitler’
-
Culture1 week agoWhat Kind of Lover Are You? This William Blake Poem Might Have the Answer.
-
Technology1 week agoCasting is dead. Long live casting!
-
Sports6 days agoMiami star throws punch at Indiana player after national championship loss