Wu Xie learned that, according to monitoring by the SlowMist team, a malicious fake recruitment attack campaign targeting Web3 developers has recently appeared. The attackers posed as recruiters on LinkedIn, built trust through an interview process, and then lured developers into running a GitHub repository disguised as an “interview MVP” project. Inside the repository, a malicious Tailwind plugin was hidden in theme/js/auron-core.min.js, deploying multiple malicious payloads to steal browser credentials, wallet data, collect sensitive files, execute remote commands, and monitor the clipboard. SlowMist reminds developers that before running any unknown repository, they must check the project scripts, dependencies, and build configuration, and be alert to the risk that seemingly trusted workflows can become a carrier for attacks.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 6
  • 2
  • Share
Comment
Add a comment
Add a comment
WhiteHatGhost
· 10h ago
As a developer, code security awareness is just as important as technical ability—don’t let one interview ruin your entire wallet.
View OriginalReply0
LiquidationSpotter
· 07-18 09:54
Attackers caused trouble using a trust chain, turning the entire interview process into a scam. In the future, when you receive a test task, you should first run it in a sandbox to see what it does.
View OriginalReply0
MEV_Catcher
· 07-18 09:47
SlowMist’s reminder is timely—checking the project scripts and dependencies before running them really can save lives.
View OriginalReply0
VolumePriceAnalyst
· 07-18 09:39
These recruitment scams are really hard to guard against—everyone should be careful.
View OriginalReply0
HotWalletAuditor
· 07-18 09:36
Hiding malicious plugins in Tailwind—this technique is so stealthy that ordinary people would never think to check node_modules.
View OriginalReply0
TrendLinePoet
· 07-18 09:31
More and more fake job postings are appearing on LinkedIn—remember to verify the company information more thoroughly.
View OriginalReply0
  • Pinned