Mark Grech warns of sophisticated podcast scam after near-miss hack attempt

A Maltese tech entrepreneur has shared how he narrowly avoided falling victim to a sophisticated social-engineering scam that attempted to install malware on his device under the guise of a podcast recording.

Mark Grech, co-founder of Pyaza and a long-time figure in the iGaming, crypto and web3 space, described on LinkedIn how he was targeted through a weeks-long impersonation scheme involving fake journalists, fake speakers and a fraudulent streaming link.

Mr Grech, who has over a decade of experience across product, technology, security and payments in online casinos, sports betting and affiliate businesses, said the experience was particularly unsettling given his professional background in digital security and vigilance online.

He explained that in early December he was contacted on Telegram by an individual claiming to work with the WIRED podcast, inviting him to take part in a voice recording. A group chat was subsequently created with profiles purporting to be real WIRED staff and other speakers. The profiles appeared authentic, matching real names and social media accounts.

Over several weeks, conversations around scheduling and topics took place, giving the interaction an air of legitimacy. The recording was set for January, with participants being sent a StreamYard link.

Mr Grech said the first red flag appeared when he noticed the URL ended in “.to” instead of the official “.com”. When he attempted to join, he received a connection error and was encouraged by the other participants to download a supposed desktop application for StreamYard.

He then verified independently that no such desktop app exists.

Sensing that something was wrong, Mr Grech used a spare device with no personal data to test the download. He reported that antivirus alerts immediately flagged malware, bootloader threats, keylogging activity and attempts to access hard drives.

Shortly after he questioned the legitimacy of the setup and attempted to move the conversation to other platforms, he was removed from the group chat.

Mr Grech later discovered online discussions describing identical tactics, where individuals are invited to record podcast episodes that never materialise. The objective, he said, is to trick targets into installing malicious software that compromises their devices.

In his posts, he stressed that the incident demonstrated how even experienced technology professionals can be drawn into increasingly sophisticated scams that rely on patience, impersonation and subtle pressure rather than urgency.

He urged others, particularly entrepreneurs, founders and content creators who are frequently approached for interviews and collaborations, to remain vigilant, verify links carefully, and avoid downloading unfamiliar software.

“If you downloaded any app or file linked to something similar, disconnect the device, reset it immediately, and assume it may be compromised,” he wrote.