TechFlow reports that on March 15, the SlowMist security team issued a warning about a phishing campaign targeting blockchain engineers on LinkedIn. Blockchain developer Bruno Skvorc fell victim to a recruitment-themed phishing attack aimed at blockchain engineers. The attacker impersonated a project party and provided a Bitbucket repository link containing malicious code.
SlowMist's technical analysis revealed that the malicious code contained an encrypted payload activated through the server.js file. Once executed, the program connects to a command-and-control server to download the test.js and .npl Trojan programs, which then steal sensitive information such as system data, browser extension wallet data, and passwords, with the ultimate goal of stealing users' cryptocurrency assets.




