A Backdoor in a LinkedIn Job Offer

A LinkedIn message from a recruiter at a crypto startup led Roman Imankulov to analyze a suspicious GitHub repo purportedly needing a Node modules review. The repo contained a hidden backdoor in a test file that executed arbitrary code fetched from a remote server whenever dependencies were installed, triggered by an npm lifecycle script. The repo and recruiter used stolen identities, highlighting the risk of supply-chain and social engineering attacks via seemingly legitimate job offers.

https://roman.pt/posts/linkedin-backdoor/
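The install-time trigger described above can be checked for before any dependency is installed. This is an added example, not code from the original post or the repository it analyzes: it lists the scripts in a `package.json` that npm runs automatically on a bare `npm install`. The function name, the heuristic regex and the sample manifest are assumptions constructed for illustration.

```javascript
// Scripts npm runs automatically for a bare `npm install` in a project directory.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall",
                       "prepublish", "preprepare", "prepare", "postprepare"];

// Hypothetical helper: return the install-time hooks declared in a package.json
// string. `runsCode` is a heuristic flag (interpreter, package manager, test
// runner or downloader in the command), not proof of malicious behaviour.
function auditInstallHooks(packageJsonText) {
  let manifest;
  try {
    manifest = JSON.parse(packageJsonText);
  } catch (err) {
    throw new Error("package.json is not valid JSON: " + err.message);
  }
  const declared = manifest && typeof manifest.scripts === "object" && manifest.scripts;
  const scripts = declared || {};
  const runsCode = /\b(node|npm|npx|yarn|pnpm|jest|mocha|sh|bash|curl|wget)\b/;
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({
      hook,
      command: scripts[hook],
      runsCode: runsCode.test(scripts[hook]),
    }));
}

// Constructed sample manifest (not taken from the repository in the post):
// an install-time hook that runs a file under test/.
const SAMPLE_MANIFEST = JSON.stringify({
  name: "constructed-sample",
  scripts: {
    start: "node index.js",
    test: "jest",
    prepare: "node test/setup.test.js",
  },
});

for (const finding of auditInstallHooks(SAMPLE_MANIFEST)) {
  console.log(`${finding.hook}: ${finding.command}` +
              (finding.runsCode ? "  <- review this file before installing" : ""));
}
```

Any hook reported here runs with the installing user's privileges; `npm install --ignore-scripts` installs dependencies without running lifecycle scripts, which leaves time to read the referenced files first.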
