SlowMist Cosine: Web3 job seekers fall into code review traps
Jinse Finance reported that a user was attacked by hackers while applying for a Web3 position. The attacker impersonated @seracleofficial and asked the job seeker to review code on Bitbucket. After the victim cloned and ran the code, the malicious program immediately scanned all local .env files and stole sensitive information, including private keys. Security expert Cosine from SlowMist (@evilcos) pointed out that this type of backdoor is a typical "stealer," specifically designed to collect various types of private information from users' computers, including passwords saved in browsers, mnemonic phrases, and private keys from crypto wallets. The expert especially reminded that suspicious code must be analyzed in an isolated environment to prevent being attacked.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitcoin miners are shutting down machines due to declining hash revenue
XMAQUINA initiates TGE-related voting, proposing a community sale of up to 110 million DEUS tokens
Trending news
MoreCrypto prices
More
