A Web3 team claiming to be from Ukraine lured members to clone malicious code under the pretext of an interview.

PANews reported on August 9 that according to SlowMist, a community member was recently asked to clone a GitHub code repository locally during an interview with a Web3 team claiming to be from Ukraine. The member wisely refused.

Analysis revealed that the repository contained a backdoor that, if cloned and executed, would load malicious code, install malicious dependencies, steal sensitive browser and wallet data (such as Chrome extension storage and possible mnemonic phrases), and exfiltrate it to the attacker's server. This is a scam using job offers as bait. Be vigilant and never run code from unverified sources.