SlowMist: Detected a fake job posting campaign impersonating a headhunter to send malicious GitHub code

robot
Abstract generation in progress

PANews July 18 news: According to monitoring by SlowMist, MistEye recently detected a malicious activity targeting developers. The attack uses fake Web3 job postings to carry out the assault. The attackers impersonate recruiters on LinkedIn, building trust by discussing work experience and interview experiences, and then send a GitHub repository disguised as an “interview MVP” to trick developers into running the project. Its analysis found that the malicious repository hides theme/js/auron-core.min.js as a Tailwind plugin. When developers run the project’s development or build commands, the hidden Node.js loader is triggered and deploys multiple payloads to: steal browser credentials and wallet data, collect and exfiltrate sensitive files, execute remote commands and interactive Shell access, and monitor the clipboard. SlowMist reminds developers that before running unknown code repositories, they must check the project scripts, dependencies, and build configuration.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned