
A Fake Web3 Job Sent Me a 'Test Project'. It Was a Remote-Access Backdoor
A LinkedIn ‘investor’ offered me a $70-120/hr Web3 job and sent a ‘skill assessment’ repo with a 2-3 hour deadline. The moment its server boots, it fetches code from an attacker’s machine and runs it with full Node.js privileges. I recognized the trap, told him I’d run it (I hadn’t), and handed him back his own command-and-control link. Here is the full teardown.