Interview Trap: Blockchain-Staged JavaScript RAT Delivered via LinkedIn
“The snare is laid in secret; the prey walks toward it of his own will.” Executive Summary A threat actor, operating a fake recruiter persona on LinkedIn, targeted developers by asking them to complete a “technical assessment” that required cloning and running a malicious GitHub repository named Tech-Core. The repository contained a multi-stage malware implant designed to execute through two paths: VS Code workspace task abuse and npm script execution. ...