“The scammers got smarter, it looked as believable as possible.” A developer described a new scheme used by scammers posing as recruiters on LinkedIn. Claude helped identify the dangerous code

Frontend Developer Valeria Muntyan was contacted by a recruiter from a supposedly American startup with an offer to create a website; the job required experience in React, Node.js, and Web3. Interested in the project, she asked for more detailed information, but not having time to study the GitHub repository herself, the developer sent it to Claude.

Victoria has experience with React and Node.js, but specializes more in Web3 and blockchain. According to her, the narrower the niche, the more “recruiters” write with “hot” offers when they really “just want to get into the computer and extract data and crypto.”

“Usually they (ed. — scammers) are visible in the first messages: “install our Metamask fork for testing”, “run npm install”. But what arrived the other day looked as believable as possible,” Valeria wrote on LinkedIn.

According to her, there was regular business correspondence, a request for a CV, a sample contract, an NDA, and an invitation to a private GitHub repository.

"The recruiter requested my email, which is linked to GitHub, to send an invitation to a private repository in which they started creating this startup. For reinsurance, I sent him not an email, but a nickname from GitHub. I also asked him about the contract, and he sent an NDA contract, but to sign it later, that's what he replied," Valeria told dev.ua.

The recruiter gave the developer 1 hour to check the site in the repository and write up ideas for improving the project. Short on time, she pasted the server code into Claude.

As a result, Claude found malicious code that was related to cookies.

"That is, the scammers have gotten smarter and are already running their scam code on their remote server, instead of adding it to this repository. To make it harder to detect them," Victoria noted.

Screenshot of the code discovered by Victoria with the help of Claude

Victoria explained what makes the code dangerous:

  • the script decodes the keys from env, assembles a hidden HTTP request, and pulls arbitrary JS code from the remote server;
  • Function.constructor executes the received code locally. The attacker then gains full access to your cookies, .env, SSH keys, and everything on the system.

"This code is dangerous because it can steal all data from the computer, crypto, information from browser sessions, and even start mining," the developer added.
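A quick pre-run check for the pattern in the list above (an env value that gets decoded, an outbound HTTP request, and a string turned into code) can be scripted before anything from an unfamiliar repository is executed. This is an added example, not code from the article or the repository; the rule names, sample fragments and `example.invalid` URL are constructed for illustration.

```javascript
// Heuristic pre-run scan for the remote-loader shape; rule set is illustrative.
const RULES = [
  { id: 'env-decode',
    re: /(?:\batob\s*\(|\bBuffer\.from\s*\()[^)]*process\.env/,
    why: 'decodes a value read from process.env' },
  { id: 'network-fetch',
    re: /\b(?:axios|fetch|https?\.(?:get|request))\b\s*[.(]/,
    why: 'issues an outbound HTTP request' },
  { id: 'dynamic-exec',
    re: /\bFunction\.constructor\b|\bnew\s+Function\s*\(|\beval\s*\(/,
    why: 'turns a string into executable code' },
];

// Scan one file's text line by line and grade the combination of hits.
function scanSource(file, text) {
  const hits = [];
  text.split('\n').forEach((line, i) => {
    for (const rule of RULES) {
      if (rule.re.test(line)) {
        hits.push({ file, line: i + 1, rule: rule.id, why: rule.why });
      }
    }
  });
  const seen = new Set(hits.map((h) => h.rule));
  let verdict = 'clean';
  // Dynamic execution or a decoded env value deserves a manual look.
  if (seen.has('dynamic-exec') || seen.has('env-decode')) verdict = 'review';
  // Network fetch plus dynamic execution is the loader shape: do not run.
  if (seen.has('dynamic-exec') && seen.has('network-fetch')) verdict = 'block';
  return { verdict, hits };
}

// Constructed fragments shaped like the description above (not a working loader).
const SUSPICIOUS_SAMPLE = [
  "const target = Buffer.from(process.env.API_KEY, 'base64').toString();",
  'const reply = await axios.get(target);',
  "const run = new Function.constructor('require', reply.data);",
].join('\n');

// Constructed ordinary server code: env read and HTTP call, no dynamic execution.
const BENIGN_SAMPLE = [
  'const port = process.env.PORT || 3000;',
  "const items = await fetch('https://api.example.invalid/items');",
].join('\n');

for (const [name, src] of [['server.js', SUSPICIOUS_SAMPLE], ['app.js', BENIGN_SAMPLE]]) {
  const { verdict, hits } = scanSource(name, src);
  console.log(name, verdict, hits.map((h) => `${h.line}:${h.rule}`).join(' '));
}
```

A line-based regex scan like this misses obfuscated or split-up calls, so a `clean` verdict is not proof of safety; unfamiliar code still belongs in a disposable VM or container with no real credentials.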

After realizing it was a scam, Victoria immediately reported the LinkedIn profile. She also reported the repository and the GitHub profile of the person who created it.
