"You're doing a test, and in the meantime your data is being stolen by crypto fraudsters." IT-guy from Yalantis told about the new "scheme" of criminals

Engineering Director, SDET Lead at Yalantis Artur Shevchenko talked about a new fraudulent scheme related to the execution of a test task.

«The boy was sent a test — he had to start the server and perform a certain task. When starting the server did not show logs. He noticed that one module was wired up rather strangely (the wiring code was hidden by a bunch of indents so it wouldn’t be visible in VSCode’s file explorer).

 

 

 

Below was this file:

Upon analysis, the candidate realized that the file was collecting information from the computer and sending it to an IP address. It is clear from everything that the data they tried to steal was related to crypto wallets.

Artur Shevchenko gives advice on how to avoid danger in such a case:

— Check the code before running: analyze the project, especially the scripts in the root files, hidden folders or modules.

— Use an isolated environment: run the code in virtual machines (VirtualBox, VMware or Hyper-V) or Docker (something like docker run —rm -it -v $(pwd):/app -w /app node:latest bash), to avoid access to real data on your computer.

— Alternatively, you can create a separate account. If you don’t want to configure the VM, you can create a separate user account on your computer with minimal access rights.

— Scan the repo: tools for analyzing malicious code can help you here.

— Analyze hidden files: everything starting with «.» may be hidden in the IDE. You can turn on the display of hidden files so that you don’t miss anything.

— Check dependencies: check package.json, requirements.txt, or other dependency files for suspicious libraries

— Obfuscated code: opaque code (eg long uncommented lines, minified or obfuscated scripts) from unknown people is a reason for additional verification

— Suspicious IP addresses or domains in the code is a red flag.

An expert explained how fraudsters use programs with remote access for hacking and whether it is possible to protect against the loss of personal data and money

On the subject

An expert explained how fraudsters use programs with remote access for hacking and whether it is possible to protect against the loss of personal data and money

Crypto fraudsters hacked OpenAI’s account on X by sending messages about the «launch» of a fake token

On the subject

Crypto fraudsters hacked OpenAI’s account on X by sending messages about the «launch» of a fake token

Read the main IT news of the country in our Telegram

On the subject

Read the main IT news of the country in our Telegram