Wu Says learned that, according to monitoring by the SlowMist team, a recent wave of malicious fake recruitment attack activity targeting Web3 developers has emerged. The attackers impersonated recruiters on LinkedIn, built trust through the interview process, and then lured developers into running a GitHub repository disguised as a “job interview MVP” project. The repository hides a malicious Tailwind plugin in theme/js/auron-core.min.js, deploys multiple malicious payloads to steal browser credentials, wallet data, collect sensitive files, execute remote commands, and monitor the clipboard. SlowMist reminds developers that before running unknown repositories, they must check the project scripts, dependencies, and build configurations, and stay alert to the risk of trusted workflows becoming a carrier for attacks.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned