Nov 2, 2023 10:14:58 AM by Georgi G
I was invited to submit a proposal for a project yesterday and the client contacted me shortly after that. Initially everything went well, a contract was created and I was requested to review the codebase on the client's Github repository.
This is where things started to look strange - the code in the repository had nothing to do with what we discussed previously. It contained files encoded in base64 without any obvious reason. The client kept insisting that I need to "setup the project on my computer"
When I asked the client about the strange code they told me that a friend gave them the code.
Finally I decided to give it a try and ran did the setup process (in a virtual machine). Unsurprisingly the "code" tried to collect data from the system, mainly browser log files, cookies, possibly passwords and send them to a server somewhere.
I have been working here for years now and I never reported anyone but I think this time I should do it.
So I wanted to ask if I need to submit a support ticket for this or simply posting here will be sufficient?
Nov 2, 2023 10:31:34 AM by Mykola A
Report it via site too.
This mallware also searching for cryptowallets and deploying remote control.
Nov 2, 2023 04:39:15 PM by Georgi G
Yes, you are right the malware code attempted to get Metamask data too!
I reported the conversation with the client in the Upwork chat too.