Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, MasterCard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Futures Kickoff
Get prepared for your futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to experience risk-free trading
Earn
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Community
Square
Discover value in crypto
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
More
Promotions
Diğerleri
TradFi
giveaways
Rewards Hub
Square
Latest
Hot
News
Profile
ChainChefvip

SlowMist Security Team recently issued a warning: a malicious activity targeting developers has not just appeared recently, but has been present on GitHub for the past 7 months.



Specifically, attackers use fake job postings as bait to lure developers into downloading what appears to be a normal VS Code project. When you open this project, hidden malicious tasks will quietly run—users are often unaware. Once activated, these tasks can steal sensitive data from services like Vercel.

This method is particularly dangerous because it targets the developer community. Job hunting season makes it especially easy to fall for such scams. The security team emphasizes that developers must stay vigilant when encountering unfamiliar code projects, especially when the recruitment channels are unverified. Additionally, regularly reviewing VS Code extensions and project configurations for abnormal startup scripts or background tasks is an important step in prevention.
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 9
  • Repost
  • Share
Comment
0/400
Rugpull幸存者vip
· 01-24 02:43
Bro, this move is really clever—using fake job postings for phishing... I was wondering why that job posting seemed so weird. Started 7 months ago? GitHub's security really... feels like the defenses are all paper-thin. Developers, be careful and check your extensions.
View OriginalReply0
AirdropChaservip
· 01-23 23:31
Wow, haven't noticed for 7 months? GitHub's security is really concerning.
View OriginalReply0
ForkItAllDayvip
· 01-23 10:26
Whoa, this thing has been around for 7 months? How did I just find out... Better check my VS Code extensions quickly.
View OriginalReply0
DuckFluffvip
· 01-21 04:21
Damn, the phishing job postings on GitHub have been hidden for 7 months? How many people have fallen for it? Just realized this trick is really clever, as soon as you open the project, data starts being stolen Job seekers, be more cautious. For offers from unknown sources, ask three times first VS Code needs to be checked regularly, or you won't know what’s happening behind the scenes Recruitment season requires extra caution, there are a bunch of scammers This move is well done, a warning to all developers
View OriginalReply0
DegenMcsleeplessvip
· 01-21 04:19
Damn, it was already there 7 months ago? Why is the warning only coming out now? The developers must have already been affected, right?
View OriginalReply0
StealthMoonvip
· 01-21 04:13
Damn, how ruthless is this trick? No one noticed for 7 months?
View OriginalReply0
SellTheBouncevip
· 01-21 04:13
Started 7 months ago? That shows we've been taking the fall all along. Developers are the easiest to be fooled—human weakness. When you're eager to find a job, you'll believe anything.
View OriginalReply0
OnChain_Detectivevip
· 01-21 04:09
yo seven months?? pattern analysis screaming this is way deeper than some random github incident... suspicious activity detected across multiple vectors here
Reply0
MetaverseVagrantvip
· 01-21 04:03
Wow, fake job postings to trick developers into downloading malicious projects? This trick is so old... But someone actually fell for it? It's been 7 months, and no one has noticed?
View OriginalReply0
View More

  • Pin

Sitemap