Scam recruiters target blockchain devs on Upwork, steal crypto with npm packages
A blockchain developer fell victim to a crypto scam after responding to a seemingly legitimate Upwork job. Bad actors have turned to Upwork in an effort to lure blockchain developers into downloading malicious software, enabling them to drain crypto currencies from non-custodial wallets. As per a BleepingComputer report, scam recruiters are instructing victims via LinkedIn to download and debug code from two malicious npm packages , hosted on a GitHub repository. One of the malicious npm packages on GitHub | Source: BleepingComputer You might also like: Minnesota man loses $9m in LinkedIn crypto romance scam Once developers execute the packages, a malicious script gains access to their devices. In an interview with BleepingComputer, Antalya-based blockchain developer Murat Çeliktepe revealed losing over $500 from his MetaMask wallet in crypto after opening the npm packages, providing scammers with remote access to his device. The incident extends beyond Çeliktepe, a...