Recently, a user discovered that the GitHub project template specified by the employer contained malicious code during a job application. The disguised logo.png file could execute malicious operations to steal Crypto Assets Private Key. The V2EX administrator has banned the relevant account, and GitHub has also deleted the malicious repository, reminding developers to pay attention to security.

GitHub

Private Key

PANews, July 28 news, according to V2EX website, user evada recently posted that during the job application process, they were required to use a GitHub project template specified by the recruiting party to develop the page, and found that the project contained malicious code. Specifically, the logo.png file in the project appears to be an image, but actually contains executable code, which is triggered for execution through the config-overrides.js file, with the intent to steal the user's local Crypto Assets Private Key.
Evada pointed out that the malicious code sends requests to specific URLs, downloads trojan files, and sets them to start automatically on boot, exhibiting a high level of concealment and harm. V2EX administrator Livid stated that the involved accounts have been banned, and GitHub has also deleted the related malicious repositories. Several users commented that this type of new scam targeting programmers is highly deceptive, reminding developers to be vigilant when running projects from unknown sources.

近日，一用户在应聘中发现招聘方指定的GitHub项目模板中含有恶意代码，伪装的logo.png文件可执行恶意操作，窃取加密货币私钥。V2EX管理员已封禁相关账号，GitHub也删除了恶意仓库，提醒开发者注意安全。

PANews 7月28日消息，据V2EX网站，用户evada近日发帖称，在应聘过程中被要求使用招聘方指定的GitHub项目模板开发页面，结果发现该项目中存在恶意代码。具体表现为，项目中的logo.png文件表面为图片，实则包含可执行代码，并通过config-overrides.js文件触发执行，意图窃取用户本地加密货币私钥。
evada指出，该恶意代码会向特定网址发送请求，下载木马文件并设置为开机自启动，具有极高的隐蔽性和危害性。V2EX管理员Livid称已对涉事账号进行封禁，GitHub也已删除相关恶意仓库。多名用户评论称，这类针对程序员的新型诈骗手段极具迷惑性，提醒开发者在运行来源不明的项目时务必提高警惕。

V2EX用户揭露招聘项目藏恶意代码，疑盗取加密货币资产

V2EX users expose a recruitment project hiding malicious code, suspected of stealing Crypto Assets.

The Artificial Superintelligence Alliance (FET) will unlock 3.05 million Tokens on July 28 at 8:00, worth approximately 2.4 million USD, accounting for 0.12% of the Circulating Supply.

Token unlock

"Update to the You Know I Love You (YKILY) Network homepage on the Delysium Official Website"

YKILY Homepage Update

Ether.fi will hold a community call on Zoom on July 29th to present its current growth outlook and review key fundamentals.

Community Call

Levva Protocol has announced that the beta phase of Levva 2.0 will begin on July 29, 2025.

Version 2.0 Beta Launch

Claim portal for Sonic SVM mainnet rewards opens, 2pm UTC for eligible users.

Mainnet Rewards

福利中心

小红花-Learn & Explore-博客

小红花-Learn & Explore-快讯

币圈-币圈-未来事件

小红花-Learn & Explore-聊天室

小红花-Learn & Explore-直播

小红花-Learn & Explore-动态

币圈

芝麻金融-更多-ETH2.0挖矿

芝麻金融-更多-法币理财

芝麻金融-更多-抵押借币

链上赚币

芝麻金融-理财-双币宝

芝麻金融-理财-定期理财(屯币)

芝麻金融-理财-结构性理财

芝麻金融-理财-理财宝

芝麻金融-更多-财富管理

芝麻金融-理财-余币宝

量化基金

GT挖矿

芝麻金融-更多（理财产品）

芝麻金融-理财（打新）

launchpool

launchpad

赚币-HODLer Airdrop

candy_drop

web3 Airdrop

BTC挖矿

VIP专享

赚币

模拟交易

衍生品-期权

衍生品-交割合约

衍生品-永续合约

合约入门

合约活动

衍生品-统一账户

衍生品

交易-杠杆ETF

交易-杠杆交易

交易-闪兑

交易-现货交易

交易-创新交易

交易-交易工具

交易-交易类型

交易-合约跟单

交易-机器人广场

交易-盘前交易

Alpha

交易

行情

买币-gateCard

卖币

买币-快捷交易

买币

买币-paywith

法币定投

小红花-推广

新手指南

活动中心

小红花-Learn & Explore-学院

小红花-Exchange-最新公告

小红花-Exchange-帮助中心

gate商店

小红花-Promotions-邀请计划

小红花-promotions-代理商

储备金

vip服务

合作伙伴

小红花-Promotions-机构和VIP服务

Gate OTC

cextg小程序

机构-经纪商项目

web3

交易机器人(账户)

V2EX users expose a recruitment project hiding malicious code, suspected of stealing Crypto Assets.

Hot Topics

Crypto Calendar