Uncovering a Web3 Interview Scam

Aug. 13, 2025, 3:47 p.m.

Description

A Ukrainian Web3 team's interview process involved cloning a GitHub repository containing malicious components. Analysis revealed the project replaced a legitimate dependency with a malicious NPM package, rtk-logger@1.11.5. This package collected sensitive data, including cryptocurrency wallet information, from popular browsers and uploaded it to an attacker-controlled server. The malware also implemented keylogging, screen capture, and clipboard monitoring. Two other GitHub accounts were found using a similar malicious package. The scam aimed to trick interviewees into executing malicious code, potentially leading to data leaks and asset theft. Developers are advised to exercise caution when handling unknown GitHub projects and to use isolated environments for execution.
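The summary above describes a dependency-swap supply-chain attack: the repository's manifest pulls in a malicious npm package that runs as soon as the candidate installs and starts the project. A defender's first check before running an unknown repository is to audit its `package.json` offline. The following script is an added example, not code from the report or from the team involved; it parses a constructed sample manifest modelled on the scenario, flags the package version the report names (`rtk-logger@1.11.5`) via a small blocklist, and also reports two general warning signs that the report does not attribute to this specific package but that a reviewer would want surfaced anyway: dependencies fetched from outside the npm registry and lifecycle scripts that execute on `npm install`. The blocklist contents, the sample manifest and the `audit_manifest` helper are assumptions for illustration.

```python
import json
import re

# Constructed sample manifest resembling a cloned "interview task" repo.
# This is NOT the real repository's package.json; it exists only to exercise the audit.
SAMPLE_PACKAGE_JSON = """
{
  "name": "web3-interview-task",
  "version": "1.0.0",
  "scripts": {
    "postinstall": "node scripts/setup.js",
    "start": "node index.js"
  },
  "dependencies": {
    "express": "^4.19.2",
    "rtk-logger": "1.11.5",
    "some-lib": "git+https://example.invalid/some-lib.git"
  }
}
"""

# Package versions to refuse. The single entry is the one named in the report;
# in practice this would be fed from a threat-intel source (assumption).
BLOCKLIST = {"rtk-logger": {"1.11.5"}}

# npm runs these hooks automatically during install, so any command here
# executes before the developer has read a line of application code.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Version specs that bypass the registry entirely (git URLs, tarballs, local paths).
NON_REGISTRY_SPEC = re.compile(r"^(git\+|git://|https?://|github:|file:)")


def audit_manifest(text: str) -> list[tuple[str, str]]:
    """Return (finding_kind, detail) pairs for a package.json document.

    Finding kinds:
      blocklisted-dependency - exact match against BLOCKLIST
      non-registry-source    - dependency not resolved through the npm registry
      lifecycle-script       - install-time hook present in "scripts"
    """
    manifest = json.loads(text)
    findings: list[tuple[str, str]] = []

    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            # Strip common range prefixes so "^1.11.5" and "1.11.5" compare equal.
            version = spec.lstrip("^~=v")
            if name in BLOCKLIST and version in BLOCKLIST[name]:
                findings.append(("blocklisted-dependency", f"{section}: {name}@{spec}"))
            if NON_REGISTRY_SPEC.match(spec):
                findings.append(("non-registry-source", f"{section}: {name}@{spec}"))

    scripts = manifest.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append(("lifecycle-script", f"{hook}: {scripts[hook]}"))

    return findings


if __name__ == "__main__":
    for kind, detail in audit_manifest(SAMPLE_PACKAGE_JSON):
        print(f"[{kind}] {detail}")
```

Run it against a manifest before `npm install`; an empty result means only that none of these three checks fired, not that the project is safe, so the report's advice to execute unknown projects in an isolated environment still applies. Adding `--ignore-scripts` to the install command is the usual way to neutralise the lifecycle-hook finding while the rest of the code is reviewed.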

Date

  • Created: Aug. 13, 2025, 11:57 a.m.
  • Published: Aug. 13, 2025, 11:57 a.m.
  • Modified: Aug. 13, 2025, 3:47 p.m.

Attack Patterns

Additional Information

  • Ukraine