Rewards Hub A Web3 job applicant reported that they were asked by @seracleofficial to clone and run project code on Bitbucket, which led to the execution of malicious software on their machine. This resulted in the scanning of sensitive files, including .env files containing private keys. SlowMist's Cosine highlighted that this type of backdoor, known as a "stealer," can collect locally stored browser passwords and encrypted mnemonic/private key information from wallet extensions. Cosine advised that malicious code analysis should be conducted in isolated environments and noted the discovery of new exploitation techniques, which are currently under internal investigation.
Web3 Job Applicant Targeted by Malicious Code in Bitbucket Project
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.