I had several crypto job 'offers', from somewhat obviously hacked accounts, all of which pointed me to the same version of a repo, where you had to finish some crypto-related task to be considered for the project. You were intended to run the project and implement some web3 functionality. I assumed it would try to access my wallet, so I ran it in a safe environment, but it only tried to access an endpoint that was already stale.

I forked the project for future reference and was later contacted by a French cybersecurity researcher who found my repo and deobfuscated the code that they had obfuscated. He figured out that it pointed to North Korean servers and notified me that those types of attacks were getting very common.

The group responsible for this activity is known as CL-STA-0240. When it works, the attack installs BeaverTail, InvisibleFerret, and OtterCookie as backdoors.

Here is some more info on these types of attacks: https://sohay666.github.io/article/en/reversing-scam-intervi...