V2EX user exposes recruitment project hiding malicious code, suspected of stealing cryptocurrency assets

According to the V2EX website, user Evada recently posted that during the job application process, she was asked to use the GitHub project template specified by the recruiting party to develop a page, and it was found that there was malicious code in the project. Specifically, the logo.png file in the project appears as an image on the surface, but actually contains executable code that triggers execution through the config-override.js file, with the intention of stealing the user's local cryptocurrency private key. Evada pointed out that the malicious code will send requests to specific websites, download Trojan files, and set them to boot up automatically, which has high concealment and harm. V2EX administrator Livid stated that the account in question has been banned, and GitHub has also removed the relevant malicious repository. Multiple users commented that this new type of fraud targeting programmers is extremely confusing, reminding developers to be vigilant when running projects from unknown sources.