V2EX users expose a recruitment project hiding malicious code, suspected of stealing Crypto Assets.

PANews, July 28 news, according to V2EX website, user evada recently posted that during the job application process, they were required to use a GitHub project template specified by the recruiting party to develop the page, and found that the project contained malicious code. Specifically, the logo.png file in the project appears to be an image, but actually contains executable code, which is triggered for execution through the config-overrides.js file, with the intent to steal the user's local Crypto Assets Private Key. Evada pointed out that the malicious code sends requests to specific URLs, downloads trojan files, and sets them to start automatically on boot, exhibiting a high level of concealment and harm. V2EX administrator Livid stated that the involved accounts have been banned, and GitHub has also deleted the related malicious repositories. Several users commented that this type of new scam targeting programmers is highly deceptive, reminding developers to be vigilant when running projects from unknown sources.