AI-Powered RWA Finance Platform: Developer Review ZIP Uses Git Hooks to Stage a Tri-Port JavaScript Implant

“The dev branch was a threshold; crossing it woke the hook.”

Executive Summary

This report analyzes a recruitment-themed malware delivery attempt that abused a developer review workflow. A LinkedIn recruiter persona using the name Bill Johnson, CTS sent the target a LimeWire file-sharing URL for an archive named AI-Powered_RWA_Finance_Platform.zip:

hxxps://limewire[.]com/d/Fw4jF#TNRRfGHC7h

The lure framed the work as a review of an abandoned AI-powered real-world-asset finance platform. The actor claimed prior developers were poor at Git and pointed the reviewer at a repository snapshot where the master branch was incomplete. The repository README then instructed the reviewer to run: ...

May 17, 2026 · ThreatProphet
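
A pre-checkout audit for a repository snapshot that arrives as an archive with its .git directory included, as in the lure above. This is an added example, not code from the report: the function names, the constructed sample repository and the post-checkout hook name are assumptions, since the excerpt does not say which hook the archive carried.

```python
import re
import stat
import tempfile
from pathlib import Path

def hooks_path_override(git_dir: Path):
    """Return the last core.hooksPath value in .git/config, or None."""
    cfg, value, section = git_dir / "config", None, ""
    lines = cfg.read_text(errors="replace").splitlines() if cfg.is_file() else []
    for raw in lines:
        line = raw.strip()
        header = re.match(r"\[\s*([A-Za-z0-9.-]+)", line)
        if header:
            section = header.group(1).lower()
            continue
        key, sep, val = line.partition("=")
        if sep and section == "core" and key.strip().lower() == "hookspath":
            value = val.strip().strip('"')
    return value

def audit_repo(repo: Path):
    """List (name, detail) for every hook file Git could run in the snapshot."""
    git_dir = repo / ".git"
    findings = []
    hook_dir = git_dir / "hooks"
    override = hooks_path_override(git_dir)
    if override is not None:
        # A relative hooksPath is resolved from the working tree root.
        findings.append(("core.hooksPath", override))
        hook_dir = repo / override
    if hook_dir.is_dir():
        for f in sorted(hook_dir.iterdir()):
            # Git skips *.sample files; list everything else for review.
            if f.is_file() and not f.name.endswith(".sample"):
                exe = f.stat().st_mode & stat.S_IXUSR
                findings.append((f.name, "executable" if exe else "not-executable"))
    return findings

def build_sample(root: Path):
    """Constructed sample: one stock .sample hook and one live hook."""
    hooks = root / ".git" / "hooks"
    hooks.mkdir(parents=True)
    (hooks / "pre-commit.sample").write_text("#!/bin/sh\n")
    live = hooks / "post-checkout"  # assumed hook name; the page does not name it
    live.write_text("#!/bin/sh\necho constructed placeholder\n")
    live.chmod(0o755)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(audit_repo(build_sample(Path(d))))
```

The executable bit is reported rather than used as a filter, because whether it survives extraction depends on the archive tool. Any finding on a freshly unpacked third-party snapshot is a reason to read the hook before running a Git command in that directory.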