Japanese-Royal: Environment Harvesting and JavaScript RAT Delivered via Fake Developer Interview
“He came as a messenger with gifts, and the birds grew fat.”

Executive Summary

A threat actor operating a fake recruiter persona on LinkedIn approached developers with a CTO-level opportunity at a fabricated Japanese e-commerce company. After establishing credibility through a polished project brief, the actor shared a GitHub repository named Japanese-Royal as part of a technical interview, directing the target to review and run the codebase. The repository contained a multi-stage implant reachable through several routine developer actions, including VS Code folder-open tasks, npm lifecycle hooks, normal startup scripts, and direct server execution. ...
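The entry points named in the summary (VS Code folder-open tasks, npm lifecycle hooks, startup scripts) can be enumerated statically before a cloned repository is opened or installed. The sketch below is an added example, not code from the report or from the repository; `auditRepoFiles`, the `dev` script name, and every file name and command in `SAMPLE` are assumptions constructed for illustration.

```javascript
// Added example: static pre-open audit of a cloned repository's auto-run entry points.
// Input is a map of relative path -> file text, so nothing from the repo is executed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepublish", "preprepare", "prepare", "postprepare"];
const STARTUP_SCRIPTS = ["prestart", "start", "poststart", "dev"]; // "dev" is a convention, not an npm built-in

function parseOrFlag(path, text, findings) {
  try {
    return JSON.parse(text);
  } catch (err) {
    // tasks.json may be JSONC (comments, trailing commas); never skip it silently.
    findings.push({ path, kind: "unparseable", detail: "review manually: " + err.message });
    return null;
  }
}

function auditRepoFiles(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (/(^|\/)\.vscode\/tasks\.json$/.test(path)) {
      const doc = parseOrFlag(path, text, findings);
      for (const task of (doc && Array.isArray(doc.tasks) ? doc.tasks : [])) {
        if (task && task.runOptions && task.runOptions.runOn === "folderOpen") {
          const cmd = [task.command, ...(Array.isArray(task.args) ? task.args : [])].join(" ");
          findings.push({ path, kind: "vscode-folder-open", detail: `${task.label || "(unlabelled)"}: ${cmd}` });
        }
      }
    } else if (/(^|\/)package\.json$/.test(path)) {
      const doc = parseOrFlag(path, text, findings);
      const scripts = (doc && typeof doc.scripts === "object" && doc.scripts) || {};
      for (const [name, cmd] of Object.entries(scripts)) {
        if (INSTALL_HOOKS.includes(name)) findings.push({ path, kind: "npm-install-hook", detail: `${name}: ${cmd}` });
        else if (STARTUP_SCRIPTS.includes(name)) findings.push({ path, kind: "startup-script", detail: `${name}: ${cmd}` });
      }
    }
  }
  return findings;
}

// Constructed sample input; file names and commands are illustrative, not taken from the repository.
const SAMPLE = {
  ".vscode/tasks.json": JSON.stringify({ version: "2.0.0", tasks: [
    { label: "env-setup", type: "shell", command: "node", args: ["scripts/setup.js"], runOptions: { runOn: "folderOpen" } },
    { label: "lint", type: "shell", command: "npx eslint ." } ] }),
  "package.json": JSON.stringify({ name: "sample-app", scripts: { postinstall: "node scripts/setup.js", start: "node server.js", test: "jest" } }),
  "client/.vscode/tasks.json": "{ // JSONC comment\n \"tasks\": [] }",
};

for (const f of auditRepoFiles(SAMPLE)) console.log(`[${f.kind}] ${f.path} -> ${f.detail}`);
```

Install hooks can also be kept from running with `npm install --ignore-scripts`, and VS Code's Restricted Mode does not run workspace tasks.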