SlowMist Detects Malicious GitHub Code Deployed via Fake Web3 Job Recruitment on July 18

According to SlowMist, MistEye detected a malicious activity on July 18 targeting developers through fake Web3 job postings. Attackers impersonated recruiters on LinkedIn, built trust by discussing job experience, and sent a deceptive GitHub repository disguised as an "interview MVP." When developers ran the project, a hidden Node.js loader triggered and deployed multiple payloads.

The malicious code was designed to steal browser credentials and wallet data, collect sensitive files, execute remote commands with interactive shell access, and monitor clipboard activity. SlowMist advised developers to thoroughly inspect project scripts, dependencies, and build configurations before running unknown code repositories.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments