Blockchain dev's wallet emptied in "job interview" using npm package

The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied.
Take-home job exercise empties dev's crypto wallet.
Moments later, the developer discovered that his MetaMask wallet had been drained, with upwards of $500 siphoned out of his account, based on the information seen by BleepingComputer.
It isn't unusual for legitimate tech interviews to involve some kind of take-home exercise or proof-of-concept assignment involving code writing or debugging, which makes the lure highly convincing even for technically savvy people, like developers.
Note that the apps present in the said GitHub repos [1, 2] are valid npm projects, given their format and the included package.json manifest, but these do not appear to have ever been published to npmjs.com, the largest open-source registry of JavaScript projects.
As per the assignment instructions, the developer cloned both GitHub repositories and started to debug his instance to find the problem while running both the frontend and backend applications locally on his machine.
Following the task, he attended a Google Meet session with the man who had approached him on LinkedIn, and explained the solution, and this was it, or so the developer thought.
Except, a few hours later, the developer noticed his Ethereum balance had been drained.
Among recent transactions shared by the developer and seen by BleepingComputer is an outbound one for 0.225 ETH (approximately US$538), sent to another crypto address in the last week.
Despite looking through the code present in both repositories, the developer is still unsure about the exact mechanics of this attack that led him to lose money and is seeking help from the community to understand the same.
Some legitimately concerned community members stepped up to offer their insights.
Whether these are all part of a simple quasi-job interview exercise, or the crypto-stealing attack remains unclear.
Mehmet Selim also confirms being messaged by the LinkedIn recruiter who had reached out to Çeliktepe.
Web developers and security researchers should keep an eye out for bogus job offers on career development platforms as these could be scams.
It is a good idea to complete any take-home job exercises, no matter how seemingly benign, on a machine that is separate from your primary device.
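A check a developer could run on a cloned take-home project before installing anything, as an added example that is not from the article or the repositories it describes: it flags package.json scripts that npm runs automatically on install and dependencies fetched from outside the npm registry. The article does not establish how the wallet was drained, so this is a general pre-run review; the function names and the sample manifest are constructed for illustration.

```javascript
// Added example: static review of a cloned project's package.json before `npm install`.
// Scripts npm runs on its own during a plain `npm install` in the project directory.
const AUTO_RUN = ["preinstall", "install", "postinstall", "prepublish",
                  "preprepare", "prepare", "postprepare"];
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];
// Dependency specs that resolve outside the npm registry: git or URL sources,
// local paths, and the GitHub "owner/repo" shorthand.
const NON_REGISTRY = /^(?:git(?:\+\w+)?:|https?:|file:|github:|\.{0,2}\/|[\w.-]+\/[\w.-]+(?:#.*)?$)/i;

function reviewManifestText(jsonText) {
  const manifest = JSON.parse(jsonText); // throws on a malformed manifest
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const name of AUTO_RUN) {
    if (typeof scripts[name] === "string") {
      findings.push({ kind: "auto-run-script", name, value: scripts[name] });
    }
  }
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (typeof spec === "string" && NON_REGISTRY.test(spec)) {
        findings.push({ kind: "non-registry-dependency", name, value: spec });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical names and URL), not taken from the repositories.
const SAMPLE = JSON.stringify({
  name: "takehome-backend",
  scripts: { start: "node server.js", postinstall: "node scripts/setup.js" },
  dependencies: {
    express: "^4.18.2",
    "helper-utils": "git+https://git.example.invalid/someone/helper-utils.git",
    "@scope/aliased": "npm:@scope/real@1.0.0",
  },
  devDependencies: { "local-tool": "file:../tool" },
});

for (const f of reviewManifestText(SAMPLE)) {
  console.log(`${f.kind}: ${f.name} -> ${f.value}`);
}
```

A clean result only covers install time: starting the frontend or backend still executes the repository's own code, which is why the separate machine matters. npm's `--ignore-scripts` flag skips lifecycle scripts during install.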


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 28 Dec 2023 11:30:09 +0000

