A backdoor in a LinkedIn job offer
21 hours ago
- #Backdoor
- #Security
- Received a suspicious LinkedIn job offer from a recruiter at a crypto startup.
- Recruiter sent a GitHub repo with a backdoor disguised as a Node module test.
- The backdoor assembles a URL and executes any code sent from the server.
- Automatically triggers via npm's 'prepare' script upon dependency installation.
- Both recruiter and repo author identities were impersonated from real people.
- Used a sandboxed VPS and AI agent to safely analyze the repo, avoiding infection.
- Highlighted the importance of security hygiene and automated code review tools.
- Reported the incident to GitHub and LinkedIn, but no action was taken initially.
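The 'prepare' trigger noted above can be checked before anything is installed. The following is an added example, not code from the original post or the repository it describes: it lists the scripts in a package.json that npm runs automatically on `npm install` and follows `npm run <name>` / `npm test` indirection so a hook cannot hide behind another script. The function names, heuristics and sample manifest are assumptions constructed for illustration.

```javascript
// Lifecycle scripts npm runs automatically on a plain `npm install` in a project directory.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepublish',
  'preprepare', 'prepare', 'postprepare'];

// Review heuristics (assumptions for this example, not a complete list).
const HEURISTICS = [
  { name: 'runs-node-file', re: /\bnode\s+[^-\s]\S*/ },
  { name: 'inline-eval', re: /\bnode\s+(-e|--eval|-p|--print)\b/ },
  { name: 'network-tool', re: /\b(curl|wget)\b/ },
  { name: 'test-path', re: /(^|[\s/\\])(tests?|spec|__tests__)[/\\.]/i },
];

// Expand `npm run <name>` / `npm test` references into the commands they resolve to.
function expand(cmd, scripts, seen = new Set()) {
  const out = [cmd];
  const re = /\bnpm\s+(?:run(?:-script)?\s+([\w:.-]+)|(test|start))\b/g;
  for (const m of cmd.matchAll(re)) {
    const name = m[1] || m[2];
    if (seen.has(name) || typeof scripts[name] !== 'string') continue;
    seen.add(name); // guard against scripts that reference each other in a loop
    out.push(...expand(scripts[name], scripts, seen));
  }
  return out;
}

// Return one finding per install-time hook: the resolved commands and matched heuristics.
function auditInstallScripts(pkgJsonText) {
  const pkg = JSON.parse(pkgJsonText);
  const scripts = pkg && typeof pkg.scripts === 'object' && pkg.scripts ? pkg.scripts : {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] !== 'string') continue;
    const commands = expand(scripts[hook], scripts);
    const reasons = HEURISTICS
      .filter(h => commands.some(c => h.re.test(c)))
      .map(h => h.name);
    findings.push({ hook, commands, reasons });
  }
  return findings;
}

// Constructed sample manifest (not the repository described above).
const SAMPLE = JSON.stringify({
  name: 'sample-app',
  scripts: { start: 'node server.js', test: 'node test/module.test.js', prepare: 'npm test' },
});

console.log(JSON.stringify(auditInstallScripts(SAMPLE), null, 2));
```

Any hook it reports should be read before installing; running `npm install --ignore-scripts` inside the sandbox keeps these hooks from executing while the code is reviewed.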