Trending News: From traditional replication to innovation Can Backpack seize the future?Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortalityEthereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?Coingecko: How do investors view the potential of crypto AI technology?Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast marketThe latest updates from ETH and Solana: What are the things to pay attention to?Golden Encyclopedia | What is address poisoning attack? How to avoid it?Quick view of Binance HODLer’s latest airdrop project Particle NetworkWill Celestia pose a threat to Ethereum?Ethereum supply tightening: a prelude to a price rebound or a temporary fog?BSC Meme’s popularity remains unabated for a week. Can it really work this time?Galaxy: The Twilight Road to Web3 GamesEthereum declines, PVP prevails, misses the summer of 2020Why invest in AR?How Bitcoin Takes Over Wall StreetThe lively thrill of CZ and MEME BNB Chain is in progressPoW mining does not constitute securities issuance. No registration is required. See what the US SEC said.PumpFun fills up the Swap puzzle, the first encrypted dApp outline appearsTrump: The United States will dominate cryptocurrencies and next-generation financial technologyWhy are North Korean hackers so good at stealing cryptocurrencies?Why can BSC successfully replicate the Solana Ecological Meme miracle?Hacker storm resurfaces: OKX suspends DEX, Binance winsAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraEthereum price falls into a “cursed” downward trend and may continue throughout the yearStrategic Reserves and Game of Thrones II: The Encrypted Order in the Trump AgeRAY rose by more than 22% in 24 hours: Raydium LaunchLab In-depth Research ReportPectra upgrade countdown Vitalik explains the “Wallet Security” strategy in detailIt turns out that this is how BSC gets rich by beating dogsThe Middle East is coming, and the Golden Dogs are constantly on the BSC chainMubarak soared by 1300 times CZ has added several more A8 players to BSCBankless: What are native Rollups?Bitwise: Why is it said that the tariff war triggered a sharp pullback in BTC is a buying opportunityBTC pullback nearly 30% When will institutional funds returnEthereum Don’t let newcomers downThe narrative of altcoin ETF is not working?Time of liquidity ebb: Who is protecting the Tower of Babel of Ethereum?The next major upgrade to Bitcoin?Evaluation of OP_CAT and OP_CTVMake encryption great again Trump helps Wall StreetThe latest speech by former vice president of the central bank: The rise and challenge of cryptocurrenciesBitcoin’s crossroads: Bear or new highs, where will the market goLinkedIn Recruitment Phishing AnalysisGold hits record high How long will it take for Bitcoin to beTrump adviser David Sacks’ “clearance drama”Meme currency market review: How many people have caught the Golden Dog in the past year?3 Reasons Why Ethereum Still Being Bullish After Slump to 17-Month LowJudicial disposal of virtual currencies: Beware of becoming illegal financial activitiesFinancial advisors and large brokerage firms drive the next wave of Bitcoin ETF adoptionBTC ETF Next Process: Financial Advisors and Big Institutions Lead the Expansion WaveSudden news: Trump’s stake in BinanceLogical analysis of Binance’s share reduction and MGX investment: Valuation Motivation and Market InfluenceEthereum Prague Upgrade In-depth Research Report: Ecological Impact and Future OutlookCan the Pectra upgrade reshape the Ethereum ecosystem?Binance surrenders to the UAEGolden Encyclopedia | What role does gold, oil, and BTC play in the US reserves?How did Meme coins go from online jokes to crypto culture engines?Users don’t want VC coins or meme coins. So what do users want?a16z: Exploring the efficient and secure path of zkVMGlassnode: Is there still a bull market?What is the bottom of this round of declineARK Research Report: Oversold, Currency Circulation—A Study on the Crypto Market in FebruaryWeb3 Consumer Application mainstream paradigm, opportunities and challengesEthereum standing at the intersectionWhat made Solana revenue plummet 93% from its January high?Glassnode: Is the metaverse cold?The data on the chain tells you the answerStill bullish?Or are we in the stage of “wealth extinction”?Founder of Cardano: From ETH veteran to “not doing business” all-rounderA brief history of the relationship between Ethereum and ZKTexas Senate advances Bitcoin Reserves Act with bipartisan supportCysic: The future of Ethereum expansion lies in hardware rather than softwareThe reason why the market “vote with its feet” Bitcoin war reserve planThe inside story of the meeting where Trump’s cabinet and Musk clashDOGE Operation: How Musk uses an unofficial team to leverage the White HouseTrump signs executive order for BTC strategic reservesGold VS Bitcoin: One World Two SystemsCan Odin.fun, which is under the hacker’s misunderstanding, shoulder the banner of Bitcoin ecological revival?Coingecko: Who is the biggest culprit of the demise of this round of Meme currency market?From billionaires to prisoners: SBF talks about life in prison and FTX bankruptcy cloudFrom Hong Kong to Denver Ethereum is entering the “Dunkirk Moment”Interpretation of Trump’s crypto reserve executive order: BTC arms race officially beginsThe United States officially establishes a strategic reserve of cryptocurrencies, and the good news is out.From Hong Kong to Denver Ethereum is entering the “Dunkirk Moment”Golden Encyclopedia | What is a multi-signature cold wallet?How safe is it?Ethereum’s second Pectra test has a vulnerability that may cause upgrade delaysBankless: Take stock of the top five hottest airdrop opportunities in the crypto fieldDeFi regulation ushers in a turning point, U.S. lawmakers want to abolish IRS’s broker rulesCultural differences or are there any high places in the temple and not worry about the people?CZ falls into a whirlpool of public opinionStrategic Reserves and Game of Thrones: The Encrypted Order in the Trump AgeTrump’s Congressional Speech: US Economy, Tariff Policy, Vision of RevivalWhat are the highlights of the White House Cryptocurrency Summit? Who will participate?Preview of the White House Cryptocurrency Summit: Policies Reset Hope and Uncertainty Still AlwaysWhere is the stage of this cycle we are in?What macro issues should be cared about?When DeFi meets AIEthereum Foundation officially announces new leadershipQuick view of Binance’s 11th HODLer airdrop project: GoPlus SecurityCoinbase: On-chain lending market structure and its impactHayes: Still in a bull cycle, Trump’s BTC will reach $1 millionWhat factors have caused the crypto market to fall in February?Will it continue to weaken in the futureIf Musk fails this time, the US debt crisis will be out of controlPantera Partner: The Rise of Cryptocurrencies in AsiaMeme Coin: From social experiments to retail investors’ “value extraction” tool
Mon. Apr 7th, 2025
Trending News: From traditional replication to innovation Can Backpack seize the future?Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortalityEthereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?Coingecko: How do investors view the potential of crypto AI technology?Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast marketThe latest updates from ETH and Solana: What are the things to pay attention to?Golden Encyclopedia | What is address poisoning attack? How to avoid it?Quick view of Binance HODLer’s latest airdrop project Particle NetworkWill Celestia pose a threat to Ethereum?Ethereum supply tightening: a prelude to a price rebound or a temporary fog?BSC Meme’s popularity remains unabated for a week. Can it really work this time?Galaxy: The Twilight Road to Web3 GamesEthereum declines, PVP prevails, misses the summer of 2020Why invest in AR?How Bitcoin Takes Over Wall StreetThe lively thrill of CZ and MEME BNB Chain is in progressPoW mining does not constitute securities issuance. No registration is required. See what the US SEC said.PumpFun fills up the Swap puzzle, the first encrypted dApp outline appearsTrump: The United States will dominate cryptocurrencies and next-generation financial technologyWhy are North Korean hackers so good at stealing cryptocurrencies?Why can BSC successfully replicate the Solana Ecological Meme miracle?Hacker storm resurfaces: OKX suspends DEX, Binance winsAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraEthereum price falls into a “cursed” downward trend and may continue throughout the yearStrategic Reserves and Game of Thrones II: The Encrypted Order in the Trump AgeRAY rose by more than 22% in 24 hours: Raydium LaunchLab In-depth Research ReportPectra upgrade countdown Vitalik explains the “Wallet Security” strategy in detailIt turns out that this is how BSC gets rich by beating dogsThe Middle East is coming, and the Golden Dogs are constantly on the BSC chainMubarak soared by 1300 times CZ has added several more A8 players to BSCBankless: What are native Rollups?Bitwise: Why is it said that the tariff war triggered a sharp pullback in BTC is a buying opportunityBTC pullback nearly 30% When will institutional funds returnEthereum Don’t let newcomers downThe narrative of altcoin ETF is not working?Time of liquidity ebb: Who is protecting the Tower of Babel of Ethereum?The next major upgrade to Bitcoin?Evaluation of OP_CAT and OP_CTVMake encryption great again Trump helps Wall StreetThe latest speech by former vice president of the central bank: The rise and challenge of cryptocurrenciesBitcoin’s crossroads: Bear or new highs, where will the market goLinkedIn Recruitment Phishing AnalysisGold hits record high How long will it take for Bitcoin to beTrump adviser David Sacks’ “clearance drama”Meme currency market review: How many people have caught the Golden Dog in the past year?3 Reasons Why Ethereum Still Being Bullish After Slump to 17-Month LowJudicial disposal of virtual currencies: Beware of becoming illegal financial activitiesFinancial advisors and large brokerage firms drive the next wave of Bitcoin ETF adoptionBTC ETF Next Process: Financial Advisors and Big Institutions Lead the Expansion WaveSudden news: Trump’s stake in BinanceLogical analysis of Binance’s share reduction and MGX investment: Valuation Motivation and Market InfluenceEthereum Prague Upgrade In-depth Research Report: Ecological Impact and Future OutlookCan the Pectra upgrade reshape the Ethereum ecosystem?Binance surrenders to the UAEGolden Encyclopedia | What role does gold, oil, and BTC play in the US reserves?How did Meme coins go from online jokes to crypto culture engines?Users don’t want VC coins or meme coins. So what do users want?a16z: Exploring the efficient and secure path of zkVMGlassnode: Is there still a bull market?What is the bottom of this round of declineARK Research Report: Oversold, Currency Circulation—A Study on the Crypto Market in FebruaryWeb3 Consumer Application mainstream paradigm, opportunities and challengesEthereum standing at the intersectionWhat made Solana revenue plummet 93% from its January high?Glassnode: Is the metaverse cold?The data on the chain tells you the answerStill bullish?Or are we in the stage of “wealth extinction”?Founder of Cardano: From ETH veteran to “not doing business” all-rounderA brief history of the relationship between Ethereum and ZKTexas Senate advances Bitcoin Reserves Act with bipartisan supportCysic: The future of Ethereum expansion lies in hardware rather than softwareThe reason why the market “vote with its feet” Bitcoin war reserve planThe inside story of the meeting where Trump’s cabinet and Musk clashDOGE Operation: How Musk uses an unofficial team to leverage the White HouseTrump signs executive order for BTC strategic reservesGold VS Bitcoin: One World Two SystemsCan Odin.fun, which is under the hacker’s misunderstanding, shoulder the banner of Bitcoin ecological revival?Coingecko: Who is the biggest culprit of the demise of this round of Meme currency market?From billionaires to prisoners: SBF talks about life in prison and FTX bankruptcy cloudFrom Hong Kong to Denver Ethereum is entering the “Dunkirk Moment”Interpretation of Trump’s crypto reserve executive order: BTC arms race officially beginsThe United States officially establishes a strategic reserve of cryptocurrencies, and the good news is out.From Hong Kong to Denver Ethereum is entering the “Dunkirk Moment”Golden Encyclopedia | What is a multi-signature cold wallet?How safe is it?Ethereum’s second Pectra test has a vulnerability that may cause upgrade delaysBankless: Take stock of the top five hottest airdrop opportunities in the crypto fieldDeFi regulation ushers in a turning point, U.S. lawmakers want to abolish IRS’s broker rulesCultural differences or are there any high places in the temple and not worry about the people?CZ falls into a whirlpool of public opinionStrategic Reserves and Game of Thrones: The Encrypted Order in the Trump AgeTrump’s Congressional Speech: US Economy, Tariff Policy, Vision of RevivalWhat are the highlights of the White House Cryptocurrency Summit? Who will participate?Preview of the White House Cryptocurrency Summit: Policies Reset Hope and Uncertainty Still AlwaysWhere is the stage of this cycle we are in?What macro issues should be cared about?When DeFi meets AIEthereum Foundation officially announces new leadershipQuick view of Binance’s 11th HODLer airdrop project: GoPlus SecurityCoinbase: On-chain lending market structure and its impactHayes: Still in a bull cycle, Trump’s BTC will reach $1 millionWhat factors have caused the crypto market to fall in February?Will it continue to weaken in the futureIf Musk fails this time, the US debt crisis will be out of controlPantera Partner: The Rise of Cryptocurrencies in AsiaMeme Coin: From social experiments to retail investors’ “value extraction” tool
Mon. Apr 7th, 2025

LinkedIn Recruitment Phishing Analysis

Author: 23pds & Thinking

background

In recent years, phishing incidents against blockchain engineers have occurred frequently on the LinkedIn platform. Yesterday, we noticed a post posted by @_swader_ on X.This experience is actually a microcosm of the recruitment of blockchain engineers for fishing. Next, let’s analyze this case.

(https://x.com/_swader_/status/1900116168544817589)

process

According to Bruno’s description, a person who claimed to be the project party took the initiative to contact him and sent him a long project introduction:

The content mainly involves recruitment information for a blockchain Socifi game and staking smart contract platform.

Project Overview

This project is a staking smart contract platform based on Socifi games.Core functions include:

• Decentralized exchanges

• game

• Multi-game community features

• NFTs and Tokens

• Live broadcast service

Recruitment intention

• Looking for developers to join the project.

• Backend and smart contract developers have been recruited.

• Recommend Bruno Skvorc as Project Manager/Head of Front-End Development Team.

MVP Design

• The sender provides a Figma design link to the MVP v2 version.

Recruitment process

  • Background check

  • Online programming test

  • Technical Interview

The recruiter was just vague and then started calling Bruno in an attempt to convey a sense of urgency and importance, and immediately provided the repo link: https://bitbucket[.]org/ventionteam/gameplatform/src/main/.

User and the time to submit the code:

Next, we analyze the malicious code.

Skills and tactics

Let’s look at the code description:

So is it true that its real function?

First look at package.json:

No malicious third-party modules were found, and it seems that they were not attacked through malicious NPM packets.We continue to analyze. When we see server.js, if we don’t pay attention, seeing line 47 may end. After all, there seems to be nothing abnormal when we look at it at first glance.

But, pay attention to look at line 46 carefully, what is that?And there are very small horizontal scroll bars, which means there is something on the right!Let’s drag it over and take a look:

This is an encrypted malicious payload. What is its specific function?Let’s look at the code:

(The above picture is part of the code)

This is encrypted code, and more than one layer, base64 encryption.

After running npm start, it will run normally. So what is the use of this payload?

Our virtual machine runs the test (professional operation, please do not imitate).

I found that this attack method is confusing and decrypting is troublesome. We directly caught the C2 link through the Hook method:

Successfully caught the malicious IP:

  • 216.173.115[.]200

  • 95.179.135[.]133

  • 45.59.163[.]56

  • 45.59.1[.]2

  • 5.135.5[.]48

Malicious request: http://216.173.115[.]200:1244/s/bc7302f71ff3.Interestingly, this malicious request actually bypassed the monitoring detection of little snitch.

The attacker downloads and executes the file, two files, test.js and .npl.

The .npl Trojan is mainly used for permission maintenance:

This is what the decoded by .npl:

The above code is used to download a Python program called pay, and the decoded content is as follows:

The attacker uses Python to execute .npl to maintain permissions.

test.js is mainly used to steal browser data, such as plug-in wallet data, account passwords saved by the browser, etc.:

(test.js code part snippet)

Decryption (fragment):

Finally, according to our analysis, once the victim runs the code, payload will do the following:

1. Collect system/environment data (home directory, platform, host name, user name, etc.).

2. Send an HTTP request to the remote server to obtain additional data or a valid payload.

3. Write the obtained valid payload to the local file system (usually in the home directory).

4. Use Node’s child_process.exec to execute these valid payloads.

5. Continue to connect back or “return” system data to the C2 server.

6. Repeat this activity every once in a while to keep the heartbeat pack, and try multiple times if the first attempt fails.

7. Secretly monitor user behavior and prepare for stealing crypto assets, such as trying to read specific directories /Library/Keychains/ (macOS key storage path), stealing SSH private keys, stealing browser plug-in data, and account passwords saved by the browser.

At the same time @blackbigswan found the same user:

  • https://github[.]com/DavidDev0219

  • https://github[.]com/vention-dev

  • https://github[.]com/FortuneTechWorld

The author speculates that it is the same group of attackers and no longer conducts redundant analysis.

Coping suggestions

Attackers usually send malicious files through Telegram, Discord, and LinkedIn. For this type of phishing attack, we propose the following response suggestions from the perspective of users and enterprises:

user

  • Be wary of suspicious recruitment information or part-time jobs that require downloading or running platform codes such as GitHub, and give priority to verifying the sender’s identity through the company’s official website and official email address, and avoid believing inducing techniques such as “limited-time high-paying tasks”;

  • When processing external code, the source of the project and the author background should be strictly reviewed, and unverified high-risk projects should be refused to run unverified high-risk projects. It is recommended to execute suspicious code in a virtual machine or sandbox environment to isolate risks;

  • Be vigilant about files received by platforms such as Telegram and Discord, disable the automatic download function and manually scan files, and be vigilant about malicious script execution requests under the name of “technical testing”;

  • Enable multi-factor authentication and regularly replace high-strength passwords to avoid cross-platform reuse.

enterprise

  • Regularly organize employees to participate in phishing attack simulation drills to train the ability to identify counterfeit domain names and abnormal requests;

  • Deploy email security gateway to block malicious attachments;

  • Monitor whether sensitive information in the code repository is leaked;

  • Establish an emergency response mechanism for phishing incidents, and reduce the risk of data leakage and asset loss through a multi-dimensional strategy combining technical protection and personnel awareness.

    • jakiro

    Related Posts

    “Long -termists’ in the Crypto industry
    “Long -termists’ in the Crypto industry

    Author: dapangdun Long -termists seem to be a very unpleasant word at the moment, because most people in the circle are pursuing “opportunities for getting rich” and “real wealth feedback”.…

    Continue reading
    A few minutes of Suetong RGB and RGB ++ protocol design: vernacular manual
    A few minutes of Suetong RGB and RGB ++ protocol design: vernacular manual

    Author: Faust, Geek Web3 & AMP; Btceden.org Lianchuang With the popularity of RGB ++ and related assets, discussions on the principles of RGB and RGB ++ protocols have gradually become…

    Continue reading

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Meme

    From traditional replication to innovation Can Backpack seize the future?

    • By jakiro
    • March 26, 2025
    • 21 views
    From traditional replication to innovation Can Backpack seize the future?
    People

    Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortality

    • By jakiro
    • March 26, 2025
    • 19 views
    Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortality
    Ethereum

    Ethereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?

    • By jakiro
    • March 26, 2025
    • 21 views
    Ethereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?
    Research Report

    Coingecko: How do investors view the potential of crypto AI technology?

    • By jakiro
    • March 26, 2025
    • 52 views
    Coingecko: How do investors view the potential of crypto AI technology?
    Research Report

    Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast market

    • By jakiro
    • March 26, 2025
    • 17 views
    Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast market
    Ethereum

    The latest updates from ETH and Solana: What are the things to pay attention to?

    • By jakiro
    • March 25, 2025
    • 19 views
    The latest updates from ETH and Solana: What are the things to pay attention to?
    Home
    News
    School
    Search