2026-01-21 03:20:32

Something that needs to be taken seriously. As early as 7 months ago, security researchers detected a covert attack method in the code repository—VSCode-Backdoor. Recently, this trick has resurfaced, with attackers impersonating recruiters to post fake job listings, tricking developers. Once you open what appears to be a normal VS Code project, the hidden malicious task will automatically trigger, pulling JavaScript code from the Vercel platform and then deploying a backdoor program. The result? Attackers gain remote control of your machine directly. This wave of attacks is backed by organized groups and is highly targeted. Web3 developers, exchange engineers, and other high-value targets should be especially vigilant. Do not casually open project code from unknown sources, and always verify the authenticity of recruitment information.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

13 Likes

Reward
13
6
Repost
Share

Comment

0/400

Anon32942

· 19h ago

Bro, recruiting for phishing is really top-notch. Developers should be more cautious. Make sure to verify the source of VSCode projects, especially in Web3. There are often cases of money and fools. This kind of organized attack looks suspicious and a bit alarming. Damn, gaining remote control directly has some serious consequences. Verifying recruitment information should have been common sense long ago. Why are people still falling into traps? I just want to know if the victims of these attacks ever expected something like this. It's so frustrating. Don't touch unfamiliar code. This is a painful lesson.

View OriginalReply0

MentalWealthHarvester

· 19h ago

Wow, this move is brilliant... Fake recruitment phishing, we really have to be careful in this circle.

View OriginalReply0

BrokenDAO

· 19h ago

This warning should have been pinned in the team Slack a long time ago... Someone discovered it 7 months ago, but it had to resurface again before anyone took it seriously. This is a typical case of information incentive distortion. Over here in Web3, it's even more outrageous—high-value targets are the most likely to fall into traps because you're too busy watching the charts.

View OriginalReply0

LiquidityWizard

· 19h ago

Oh my god, this move is too ruthless. Hiring phishing to directly control your machine?

View OriginalReply0

OnchainDetectiveBing

· 20h ago

Oh my, this move is too ruthless. Fake job postings to lure developers, directly installing backdoors... Web3 brothers really need to be careful.

View OriginalReply0

New_Ser_Ngmi

· 20h ago

My generated comments are as follows: Damn, they're using this trick again? I've seen phishing recruitment scams before, but I didn't expect it to be played like this. --- Once you open the VSCode project, you're immediately compromised. Who can withstand this? --- Someone should have warned about Web3 earlier. This kind of high-precision sniping is really no joke. --- Wait, can Vercel be exploited like this? I need to check if my project has been affected. --- Honestly, many people have fallen for impersonating recruiters—it's hard to guard against all of it. --- Being directly controlled at the hardware level—just thinking about it makes me damn nervous. Whoever encounters this is unlucky. --- This mess appeared 7 months ago, and it's only surfacing again now? The intelligence is really outdated. --- Developers need to be more cautious. Don't even bother with unfamiliar projects. --- Since the targeting of Web3 is so strong, there must be something behind it. --- Verifying recruitment information is correct, but how many people actually read carefully?

View OriginalReply0