MrGrj

The code challenge scam: they tried to hack me on a technical interview


A few days ago, a user contacted me on LinkedIn with a job offer. The message seemed very direct to me, but when I checked his profile and the company he worked for, everything seemed quite normal. After answering the messages and starting a process, the interview went pretty straightforwardly (personal interview about my technical background, personal projects, etc.); everything was very normal up to that point.

At the time of the technical interview, this person gave me the link to a repository where the challenge was (a backend/frontend project with a README in the root with the instructions).

 

Maybe it was nerves, or maybe I was too confident, but I didn't review the code before running the project on my machine. When I started the backend, I noticed that although the terminal showed me that the server was running with no errors, no log appeared when making any request, and that caught my attention.
After reviewing the code, I noticed this weird line hidden at the end of a file (Pictures 1 and 2).

That was the line that prevented the server from running. When I checked that file, I found this (Picture 3).

The file is obfuscated, but at first glance you can tell it's an IIFE. Using an online tool, I tried to decrypt it as much as I could, and I found these kinds of things (Pictures 4, 5, 6, 7, 8).

Clearly that script was gathering information from my computer and sending it to that IP, and from what I can see the information it is trying to retrieve is related to crypto wallets.

 

Obviously, all the responsibility here falls on me for not having reviewed the code at the beginning or run the project in a virtual machine. As I said at the beginning, perhaps it was the nerves of the "interview" and I forgot about that.

Another detail that I noticed after looking at the code more closely is that the folder where the script is located is ".svn" (something very familiar to those who used Subversion). The detail here is that many folders that start with a "." get hidden by VSCode in the file explorer, so it would have been harder to notice if I hadn't found the reference in the code.

Luckily they haven't been able to take any information from my computer since I don't have anything related to crypto, but I have had to change all my passwords, so lesson learned.

 

[Pictures 1 to 8: screenshots from the original post]

 

Source

  • Thanks 1
