SlowMist Detects Fake Recruitment Activities, Malicious GitHub Code Deceiving Developers

By: rootdata|2026/07/18 07:30:00

SlowMist has detected malicious activities targeting developers, where attackers exploit fake Web3 recruitment information to carry out their attacks. The attackers impersonate recruiters on LinkedIn, building trust through discussions about work experience and interview processes, and then send a GitHub repository disguised as "interview MVP" to lure developers into running the project. Analysis reveals that the malicious repository hides theme/js/auron-core.min.js as a Tailwind plugin. When developers run the development or build commands for the project, the hidden Node.js loader is triggered, deploying multiple payloads, including stealing browser credentials and wallet data, collecting and exfiltrating sensitive files, executing remote commands and providing interactive shell access, and monitoring the clipboard. SlowMist advises developers to thoroughly check project scripts, dependencies, and build configurations before running unknown code repositories.

Disclaimer: This content is provided for general branding and informational purposes only and doesn't constitute financial, investment, legal, or tax advice. Any events, rewards, online events, or related information mentioned herein should not be considered a recommendation, solicitation, or invitation to purchase, sell, trade, or otherwise deal in any crypto assets or to use any services. Crypto assets are highly volatile and may result in loss. WEEX services and online events may not be available in all regions and are subject to applicable laws, regulations, and eligibility requirements. You are responsible for ensuring that your use of WEEX services complies with local laws and for carefully assessing the risks before participating in any crypto-related activities.

You may also like

iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com