#npm


Uncovering a Web3 Interview Scam

A Ukrainian Web3 team's interview process involved cloning a GitHub repository containing malicious components. Analysis revealed the project replaced a legitimate dependency with a malicious NPM package, rtk-logger@1.11.5. This package collected sensitive data, including cryptocurrency wallet information, from popular browsers and uploaded it to an attacker-controlled server. The malware also implemented keylogging, screen capture, and clipboard monitoring. Two other GitHub accounts were found using a similar malicious package. The scam aimed to trick interviewees into executing malicious code, potentially leading to data leaks and asset theft. Developers are advised to exercise caution when handling unknown GitHub projects and to use isolated environments for execution.

Pulse ID: 689c7d9c70e5cba54257d1a9
Pulse Link: otx.alienvault.com/pulse/689c7
Pulse Author: AlienVault
Created: 2025-08-13 11:57:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


In light of the ongoing enshittification of #GitHub and the inevitable expansion to #npm, I'm delighted to see that although founded by the commercial entity behind #Deno, jsr.io/ shifted to an open governance model earlier this year and is working on "establish[ing] a legal home for JSR, either by joining an existing foundation (e.g., Linux Foundation, OpenJS) or forming its own 501(c)(3) or similar entity."

deno.com/blog/jsr-open-governa


Three facts about Microsoft:

Microsoft recently had its A.I. division take over GitHub.

Microsoft also owns npm.

Microsoft also hosts over 11 thousand terabytes of Israeli military data on its Azure servers collected from the mass surveillance of Palestinians, which the Israeli military uses to blackmail people, hold them in captivity, and justify killing them after the fact.

Folks... I'm losing it so badly. For 7 hours I've been trying to switch from Nginx Proxy Manager #NPM (the web UI) to plain #Nginx, because I want more configuration freedom for some things.

For 7 hours...

First there were huge problems with the permissions and the SSL certificates, then Nginx started acting up and assigned the wrong SSL certificates to subdomains - God knows why.

And to top it all off, I couldn't manage to bring Mastodon back live. I'm back now... and my nerves are shot.

Sometimes I really ask myself why I put myself through this. On the one hand it gives me incredible feelings of happiness when something finally works, and on the other hand it drags me down so much when it doesn't.

Addendum: #siyuan is buggy as fuckery out of the box. My attempts to build the knowledge base constantly ruined.

To be fair, the Moloch thinks it's due to the #NPM (NginX proxy manager) timeouts and store permissions.

But, we will persevere for now.