#devalert
devalert
483 baxış
Müzakirə edir: 3
Populyar
Sonuncu
🚨 TƏHLÜKƏSİZLİK ALƏRJI:
400-dən çox NPM paketi — əsas ENS və kripto kitabxanaları daxil olmaqla — **pərəstişkar təbiiyyətli hücum** tərəfindən təsir edildi! 🐛
Hücumçular **tərtibatçı sənədləri və pul qablaşdırma açarlarını** çaldı.
Tərtibatçılar və istifadəçilər, diqqətli olun və paketlərinizi İNDI yeniləyin! ⚠️
#CryptoSecurity #ENS #NPM #DevAlert #CryptoNews
400-dən çox NPM paketi — əsas ENS və kripto kitabxanaları daxil olmaqla — **pərəstişkar təbiiyyətli hücum** tərəfindən təsir edildi! 🐛
Hücumçular **tərtibatçı sənədləri və pul qablaşdırma açarlarını** çaldı.
Tərtibatçılar və istifadəçilər, diqqətli olun və paketlərinizi İNDI yeniləyin! ⚠️
#CryptoSecurity #ENS #NPM #DevAlert #CryptoNews
🚨 Developers Beware: Job Application GitHub Template Found to Steal Crypto Wallets!
A chilling new scam targeting developers has come to light, thanks to a report by a user named Evada on the tech forum V2EX. During a job application process, Evada was instructed by a recruiter to clone and work on a GitHub project — but what seemed like a standard coding task was actually a stealthy malware trap.
🧨 The Trap:
Inside the project, a seemingly harmless file named logo.png wasn’t just an image — it was embedded with executable malicious code. The project’s config-overrides.js file secretly triggered the execution, designed to steal local cryptocurrency private keys.
📡 How It Worked:
The malicious script sent a request to download a trojan file from a remote server.
Once downloaded, it was set to run automatically on system startup, giving the attacker persistent access.
The payload aimed specifically at crypto wallets and sensitive user data.
🛑 Immediate Action Taken:
V2EX admin Livid confirmed the offending user account has been banned.
GitHub has also removed the malicious repository.
💬 Community Reaction:
Many developers expressed alarm at this new method of targeting coders through job applications. The scam blends social engineering with technical deception, making it especially dangerous.
⚠️ Key Takeaway for Developers:
Never trust code or templates from unknown or unverified sources — even if they come from a so-called recruiter.
Always inspect suspicious files, especially image or media files in dev projects.
Use a secure, sandboxed environment when working on unfamiliar projects.
🔐 Stay safe, devs — scammers are getting smarter, but awareness is your first line of defense.
#DevAlert #GitHubScam #CryptoSecurity2025 #Malware #CryptoWallet
A chilling new scam targeting developers has come to light, thanks to a report by a user named Evada on the tech forum V2EX. During a job application process, Evada was instructed by a recruiter to clone and work on a GitHub project — but what seemed like a standard coding task was actually a stealthy malware trap.
🧨 The Trap:
Inside the project, a seemingly harmless file named logo.png wasn’t just an image — it was embedded with executable malicious code. The project’s config-overrides.js file secretly triggered the execution, designed to steal local cryptocurrency private keys.
📡 How It Worked:
The malicious script sent a request to download a trojan file from a remote server.
Once downloaded, it was set to run automatically on system startup, giving the attacker persistent access.
The payload aimed specifically at crypto wallets and sensitive user data.
🛑 Immediate Action Taken:
V2EX admin Livid confirmed the offending user account has been banned.
GitHub has also removed the malicious repository.
💬 Community Reaction:
Many developers expressed alarm at this new method of targeting coders through job applications. The scam blends social engineering with technical deception, making it especially dangerous.
⚠️ Key Takeaway for Developers:
Never trust code or templates from unknown or unverified sources — even if they come from a so-called recruiter.
Always inspect suspicious files, especially image or media files in dev projects.
Use a secure, sandboxed environment when working on unfamiliar projects.
🔐 Stay safe, devs — scammers are getting smarter, but awareness is your first line of defense.
#DevAlert #GitHubScam #CryptoSecurity2025 #Malware #CryptoWallet
Daha çox məzmunu araşdırmaq üçün daxil olun