A recent incident highlights the increasing sophistication of job scams targeting developers. Boris Vujičić, a web developer from Serbia, was approached via LinkedIn by a recruiter claiming to represent a blockchain firm named Genusix Labs. Despite his previous experiences with recruitment scams, this particular outreach appeared legitimate, prompting him to engage further.
Initial Engagement and Interviews
Vujičić typically ignores such messages, but the presence of a professional-looking website and a LinkedIn profile for the recruiter led him to proceed. He participated in a video interview with an HR representative, which felt authentic. Following this, he had a technical interview with two engineers, both of whom were also listed on the company’s website. The conversation included light-hearted remarks about job scams, which contributed to Vujičić’s sense of security.
Execution of Malicious Code
During the technical interview, Vujičić was asked to complete a live-coding test. Although he initially expressed caution, the engineers reassured him that he could check for any suspicious elements in the code. Ultimately, he ran the code, which triggered a macOS popup requesting permission for a background process. Upon realizing the potential threat, he quickly terminated the session and disabled his Wi-Fi.
Impact of the Breach
Within the brief time the code was active, Vujičić’s system was compromised, resulting in the theft of 634 saved Chrome passwords, his macOS keychain, and MetaMask wallet data. He noted that the malicious script was cleverly concealed within a dependency, executing silently in the background. The code was designed to adapt based on the CPU architecture and included functionality for file theft and backdoor access.
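A check a developer can run on an interview repository before executing anything, shown here as an added example that is not code from the incident or from any party named in the article. It assumes a Node.js project layout (`package.json`, `node_modules`), which the article does not confirm, and flags two things worth reading by hand: install-time lifecycle scripts and dependencies pulled from outside the registry. All package names in the sample tree are constructed.

```python
import json
import os
import tempfile

HOOKS = ("preinstall", "install", "postinstall", "prepare")  # run by npm at install time
NON_REGISTRY = ("git+", "git:", "github:", "http:", "https:", "file:")
DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")

def audit_tree(root):
    """Return (manifest path, kind, detail) findings for each package.json under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinks
        if "package.json" not in files:
            continue
        rel = os.path.relpath(os.path.join(dirpath, "package.json"), root)
        try:
            with open(os.path.join(root, rel), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            findings.append((rel, "unreadable", "manifest could not be parsed"))
            continue
        if not isinstance(manifest, dict):
            continue
        scripts = manifest.get("scripts")
        for hook in HOOKS:
            if isinstance(scripts, dict) and hook in scripts:
                findings.append((rel, "lifecycle-script", f"{hook}: {scripts[hook]}"))
        for section in DEP_SECTIONS:
            deps = manifest.get(section)
            for name, spec in (deps.items() if isinstance(deps, dict) else ()):
                if str(spec).startswith(NON_REGISTRY):
                    findings.append((rel, "non-registry-source", f"{name} -> {spec}"))
    return findings

def build_sample(root):
    """Write a constructed project tree; every name in it is made up."""
    tree = {
        "package.json": {"dependencies": {"left-helper": "^1.0.0",
                                          "chart-utils": "github:example-user/chart-utils"}},
        "node_modules/left-helper/package.json": {"scripts": {"test": "jest"}},
        "node_modules/chart-utils/package.json": {"scripts": {"postinstall": "node setup.js"}},
    }
    for rel, manifest in tree.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_tree(tmp):
            print(*finding, sep=" | ")
```

Installing with `npm install --ignore-scripts` keeps the hooks from firing while the tree is audited, but it does not stop code that executes when the project itself is started, so unfamiliar code is better run in a disposable VM or container with no browser profile, keychain or wallet data present.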
Response and Reporting
After the incident, Vujičić took immediate action by removing the malware and changing all his passwords. He reported the fraudulent GitHub repository and the fake company profiles to relevant platforms, including npm and LinkedIn. Vujičić also shared the incident details with zeroShadow, a firm that had previously investigated a breach at his former employer, Step Finance. They suspect that North Korean-linked attackers may be behind both incidents, as they share similar tactics and code.
This incident underscores a growing concern regarding the sophistication of scams targeting developers, raising questions about how to effectively safeguard against such threats in the future.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








