by sandwichsphinx on 12/26/24, 8:20 PM with 12 comments
by can16358p on 12/29/24, 4:31 PM
When I ran the app, some parts seemed broken as expected; everything was otherwise normal. He then asked me whether I was running in a VM or not, saying some features wouldn't work in a VM and I should have run it on my actual computer. It was an immediate red flag (why would a React app need that?). I checked running processes on the VM and saw a Python instance. When I examined the opened files, it pointed to a suspicious file, and it was a fresh VM and nothing in the project setup needs Python for anything. Then I zipped the project, sent it to ChatGPT and asked about malware, and it found a totally obfuscated dev-targeting malware-downloading script disguised as error handler middleware. If I had run it on my machine, it could have stolen at least a thousand bucks from my local crypto wallets: I checked the payload code via HTTP interception and realized that the script sends any private keys for crypto wallets to its own server, and I'd never be sure of my system again anyway.
I've warned the hosting company (though it seemed like a very cheap and sketchy one anyway), and I found out that the person on LinkedIn had blocked me in the meantime.
These are very real threats, be careful.
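The comment above describes an obfuscated dropper hidden in what looked like error-handler middleware. A quick static triage pass over a cloned project, before running anything, catches the common shapes of that trick. The following is an added example, not code from the thread or from any of the people mentioned in it; the indicator list, the entropy threshold and the two sample middleware files are constructed assumptions for illustration.

```python
"""Heuristic triage of JavaScript sources for signs of obfuscated droppers.

Added example (not from the thread). The patterns, the entropy threshold and
the sample sources below are constructed for illustration.
"""
import math
import re
from collections import Counter
from pathlib import Path

# Indicators commonly paired in obfuscated "middleware" droppers: dynamic code
# execution, process spawning, outbound network access and base64 decoding.
SUSPICIOUS_CALLS = {
    "eval": r"\beval\s*\(",
    "new_Function": r"\bnew\s+Function\s*\(",
    "child_process": r"require\(\s*['\"]child_process['\"]\s*\)",
    "http_module": r"require\(\s*['\"]https?['\"]\s*\)",
    "exec_call": r"\.exec\s*\(",
    "base64_decode": r"\bBuffer\.from\s*\([^)]*['\"]base64['\"]",
}
HEX_ESCAPE_RUN = re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}")   # "\x68\x65..." blobs
LONG_BASE64 = re.compile(r"['\"][A-Za-z0-9+/=]{120,}['\"]")  # embedded payloads
STRING_LITERAL = re.compile(r"['\"]([^'\"\n]{40,})['\"]")
ENTROPY_THRESHOLD = 4.5  # assumed cut-off; random base64 approaches 6.0 bits/char


def shannon_entropy(s: str) -> float:
    """Bits per character of a string; packed or encoded blobs score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_source(src: str) -> dict:
    """Return a dict of indicator name -> evidence found in one JS source."""
    findings = {}
    for name, pattern in SUSPICIOUS_CALLS.items():
        hits = len(re.findall(pattern, src))
        if hits:
            findings[name] = hits
    if HEX_ESCAPE_RUN.search(src):
        findings["hex_escape_run"] = True
    if LONG_BASE64.search(src):
        findings["long_base64_literal"] = True
    literals = STRING_LITERAL.findall(src)
    if literals:
        entropy = shannon_entropy(max(literals, key=len))
        if entropy > ENTROPY_THRESHOLD:
            findings["high_entropy_literal"] = round(entropy, 2)
    return findings


def triage(sources: dict) -> list:
    """Rank {filename: source} by indicator count; flagged files first."""
    ranked = [(name, scan_source(src)) for name, src in sources.items()]
    ranked = [(n, f) for n, f in ranked if f]
    return sorted(ranked, key=lambda item: -len(item[1]))


def scan_tree(root: str) -> list:
    """Walk a checked-out project (skipping node_modules) and triage every .js file."""
    sources = {
        str(p): p.read_text(errors="replace")
        for p in Path(root).rglob("*.js")
        if "node_modules" not in p.parts
    }
    return triage(sources)


# Constructed samples: an ordinary Express error handler and one with the
# dropper shape (hex-escaped string, base64 decode into eval, exec via
# child_process). The encoded strings here decode to "hello world".
BENIGN_MIDDLEWARE = """
module.exports = function errorHandler(err, req, res, next) {
  console.error(err.stack);
  res.status(500).json({ error: "internal error" });
};
"""

SUSPICIOUS_MIDDLEWARE = r"""
const _0x1a = require('child_process');
const p = "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64";
module.exports = function (err, req, res, next) {
  eval(Buffer.from("aGVsbG8gd29ybGQ=", "base64").toString());
  _0x1a.exec(p);
  next(err);
};
"""

if __name__ == "__main__":
    for name, findings in triage({"errorHandler.js": BENIGN_MIDDLEWARE,
                                  "middleware/error.js": SUSPICIOUS_MIDDLEWARE}):
        print(f"{name}: {findings}")
```

Run `scan_tree("path/to/clone")` on a freshly cloned "take-home" project and read every flagged file by hand; a hit is a reason to stop and look, not proof of malice, since minified vendor bundles also trip the entropy and `eval` checks. The point is to do this in the sandbox before any `npm start`, so that the review happens while the code is still inert.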
by prophesi on 12/29/24, 5:58 PM
[0] https://jp.security.ntt/tech_blog/contagious-interview-otter...