Through linked in, or other business websites, someone impersonating some company (like an exchange) will ask you if you can code for bitcoin/cryptocurrency/web3/whatever. Then, they'll invite you to a github repository that looks innocent and OK. It can be nodejs, C#, Rust, or anything that has its own package manager and build-script capabilities. Finally, if you open that project in your fancy IDE, like VSCode, the project build script (with nodejs, C# nuget, or cargo's build.rs in rust) will execute the malware through a child process, which can do all the typical stuff malware does, including info and browser-cookies stealing, taking crypto stored on the machine, key loggers, and so on.
So, there it's. I found this kind of attack esoteric, so I wanted to let you know that by just opening a project in your IDE, you're risking being hacked.
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments