SlowMist has identified a malicious campaign targeting developers through fake Web3 job offers. Attackers impersonated recruiters on LinkedIn, gaining trust by discussing work experience and interviews before sending a GitHub repository disguised as an 'interview MVP'. The repository contained a hidden Node.js loader in the theme/js/auron-core.min.js file, masquerading as a Tailwind plugin. When executed, it deployed payloads to steal browser credentials and wallet data, collect sensitive files, execute remote commands, and monitor clipboards. SlowMist advises developers to scrutinize project scripts, dependencies, and build configurations before running unknown code.
SlowMist Uncovers Malicious GitHub Code in Fake Recruitment Scam
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.
