Ask HN: Are they trying to hack me?

3•dgrcode•1mo ago

I'm in the middle of an interaction that has raised a few red flags, and at this point I'm confident this is part of hacking attempt. But I thought asking here could give me a better perspective from an outsider. Here is the sequence of events:

Someone reaches out in Linkedin claiming to have full time and part time roles that match my profile. I say I could be interested in part time work and they immediately reply that there's a 4k monthly salary offer for 15-20 hours per week.

I reply that's half my hourly rate and they reply the client is almost willing to accept but wants to meet with me first. 1st red flag: no problem with doubling the offer

I accept and book a time with their technical person. 2nd red flag: the calendar had pretty much full availability

They tell me to complete a task before the meeting and provide a Microsoft Teams chat with someone from their team to talk about the task.

The person in the chat sends me screenshot of two issues. I ask if they have the code in github, to which they replied "github?". 3rd red flag

Then the same parson sends me a zip file and ask about my node version. 4th red flag

At this point I'm already suspicious and not willing to run that code on my machine. I get a fresh linux install on an old machine and download the code. I asked Cursor to find anything suspicious, and the only thing was a dependency mismatch between package.json and package-lock.json. I check the package present in package-lock, `json-map-source`, which is marked as a malicious package on https://security.snyk.io/package/npm/json-map-source. This package was removed from npm 18 days ago. Big red flag.

I check what's npm's resolution of that mismatch, and I find it would install `json-mappings`. I check on npm this package was created 18 days ago, and the first and only version is 2.3.8, which happens to be the same version flagged as malicious for the package `json-map-source`. Massive red flag

Furthermore, the package is not on git, it's uploaded by a throwaway email, and the README that is shown in npm list the yarn install command as `yarn add json-map-source` (the malicious package). In the code the package is just loaded and passed as middleware to an express app. The package has `sqlite3` as native dependency, which compiles native code.

As I'm writing this message I really don't see how this could be something other than a hack attempt, but I'd love to have someone else's input on this. Especially from people more knowledgeable about security than me, which is easy.

Thanks!

Comments

uyzstvqs•1mo ago

Yes, found the malware in json-mappings. /lib/const.js contains DEV_API_KEY, which is a base64 encoded URL to the actual malware, hosted on an external service. This variable gets used by /lib/caller.js to download and run it. The rest of the project is just copied from pinojs/pino.

dgrcode•1mo ago

Thanks a lot for investigating this further. I'll write a cleaner blog post to alert other potential victims. From the package downloads they're hacking around 200 people per week, just with `json-mappings`. I've definitely would have fallen myself if it wasn't for the few red flags they didn't even try to avoid.

reliefcrew•1mo ago

Maybe finding this out was the point of the task? IOW, part of the interview... if you find the exploit you pass, if not fail.

Just theorizing.

uyzstvqs•1mo ago

Just quickly deobfuscated the payload as well (this is fun). It's a cross-platform infostealer that would've taken your browser cookies, saved passwords, clipboard, and different files including crypto wallets, documents and images.

Their C2 is 144.172.115[.]116 (RouterHosting LLC / Cloudzy in Utah, USA) on ports 8085-8087 over HTTP and WebSockets.

Relevant: https://www.securityweek.com/iran-run-isp-cloudzy-caught-sup...

> I've definitely would have fallen myself if it wasn't for the few red flags they didn't even try to avoid.

Always use a VM for this kind of stuff, even if you're interviewing at Google. More advanced threat actors could also fake Github stars or NPM downloads, or even use a hijacked dependency that used to be legitimate.

Go-busybox: A sandboxable port of busybox for AI agents

Quantization-Aware Distillation for NVFP4 Inference Accuracy Recovery [pdf]

xAI Merger Poses Bigger Threat to OpenAI, Anthropic

Atlas Airborne (Boston Dynamics and RAI Institute) [video]

Zen Tools

Is the Detachment in the Room? – Agents, Cruelty, and Empathy

The purpose of Continuous Integration is to fail

Apfelstrudel: Live coding music environment with AI agent chat

What Is Stoicism?

What happens when a neighborhood is built around a farm

Every major galaxy is speeding away from the Milky Way, except one

Extreme Inequality Presages the Revolt Against It

There's no such thing as "tech" (Ten years later)

What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work

Ask HN: Anyone orchestrating multiple AI coding agents in parallel?

Show HN: Knowledge-Bank

Show HN: The Codeverse Hub Linux

Take a trip to Japan's Dododo Land, the most irritating place on Earth

British drivers over 70 to face eye tests every three years

BookTalk: A Reading Companion That Captures Your Voice

Is AI "good" yet? – tracking HN's sentiment on AI coding

Show HN: Amdb – Tree-sitter based memory for AI agents (Rust)

OpenClaw Partners with VirusTotal for Skill Security

Show HN: Seedance 2.0 Release

Leisure Suit Larry's Al Lowe on model trains, funny deaths and Disney

Towards Self-Driving Codebases

VCF West: Whirlwind Software Restoration – Guy Fedorkow [video]

Show HN: COGext – A minimalist, open-source system monitor for Chrome (<550KB)

FOSDEM 26 – My Hallway Track Takeaways

Show HN: Env-shelf – Open-source desktop app to manage .env files