Back to List
LinkedIn Job Offer Security Alert: Developer Discovers Hidden Backdoor in Malicious GitHub Coding Task
Industry NewsCybersecurityLinkedInNode.js

LinkedIn Job Offer Security Alert: Developer Discovers Hidden Backdoor in Malicious GitHub Coding Task

A developer recently exposed a sophisticated backdoor embedded in a GitHub repository shared by a recruiter on LinkedIn. The recruiter, purportedly representing a crypto startup, invited the developer to review a codebase to address "deprecated Node modules." By utilizing a secure VPS and an AI agent for inspection, the developer identified malicious code hidden within a test file. The script assembles a remote URL from fragmented strings to fetch and execute payloads from a command-and-control server. The attack is designed to trigger automatically through the "prepare" script in the project's package.json file. This incident serves as a critical warning for technical professionals regarding social engineering and the risks of running untrusted code from potential employers.

Hacker News

Key Takeaways

  • Social Engineering Lure: Attackers are using LinkedIn recruitment messages from fake crypto startups to target developers with malicious coding tasks.
  • Obfuscated Backdoor: The malicious code was hidden within a test file (app/test/index.js), using fragmented strings to assemble a command-and-control URL and bypass static analysis.
  • Automated Execution: The backdoor leverages the prepare script in package.json to execute automatically when dependencies are installed or the project is initialized.
  • Defensive Methodology: The discovery was made possible by using a throwaway VPS and an AI agent in read-only mode to audit the codebase before execution.

In-Depth Analysis

The Social Engineering Tactic

The incident began with a standard professional outreach on LinkedIn. A recruiter from a small crypto startup contacted developer Roman Imankulov, engaging in a multi-day conversation to build rapport. The recruiter described a "broken proof-of-concept" and requested a lead engineer's expertise to review a public GitHub repository. Specifically, the developer was asked to investigate an issue regarding "deprecated Node modules."

This specific request is a clever form of social engineering. By framing the task as a routine maintenance issue (updating modules), the attacker lowers the target's guard. Developers frequently clone and install dependencies to test such issues, which is exactly what the malicious repository was designed to exploit.

Technical Breakdown of the Backdoor

Upon inspecting the repository, which appeared to be a standard React frontend with a Node.js backend, the developer identified a suspicious file at app/test/index.js. This file contained approximately 250 lines of code disguised as a legitimate test suite. However, buried within walls of commented-out tests was a mechanism to assemble a URL from discrete fragments:

  • protocol: "https"
  • domain: "store"
  • separator: "://"
  • path: "/icons/"
  • token: "77"
  • subdomain: "rest-icon-handler"

When combined, these fragments form the URL: https://rest-icon-handler.store/icons/77. The script then includes a payload on line 225 that is designed to execute whatever data or commands the server at that URL sends back to the local machine. By fragmenting the URL and hiding the execution logic among commented code, the attackers aimed to evade automated security scanners and casual manual reviews.

The Trigger: Exploiting NPM Lifecycle Scripts

The most dangerous aspect of this backdoor is its automation. The developer discovered that the malicious code does not wait for a user to manually run tests. Instead, it is integrated into the application's startup lifecycle through package.json and app/index.js.

The main entry point, app/index.js, contains the statement const test = require('./test'). In Node.js, requiring a file executes the code within that file. Furthermore, the package.json file was configured with a prepare script. The prepare script is a lifecycle hook that runs automatically during npm install or before a package is packed and published. In this repo, the prepare script was set to run app:pre, which in turn executed node app/index.js, effectively triggering the backdoor the moment a developer attempted to set up the project.

Industry Impact

Risks to the Developer Community

This incident highlights a growing trend where professional platforms like LinkedIn are weaponized to deliver malware. For developers, the standard practice of performing "take-home" assignments or code reviews for potential employers now carries significant security risks. If a developer had followed the recruiter's instructions on their local machine, the backdoor could have granted the attackers full access to their development environment, including private keys, source code, and personal credentials.

The Role of AI in Security Auditing

The use of an AI agent (Pi) to audit the code in a sandboxed environment demonstrates a new frontier in defensive security. By providing the AI with read-only access to the codebase and specific instructions to flag suspicious patterns, the developer was able to identify the threat without manual line-by-line inspection of the entire repository. This suggests that AI-assisted code review may become a standard safety protocol for developers interacting with untrusted third-party repositories.

Implications for Repository Hosting Services

The fact that a public GitHub repository was used to host a backdoor disguised as a coding task puts pressure on platforms to improve their detection of malicious lifecycle scripts. While GitHub and NPM have made strides in identifying malicious packages, the use of fragmented strings and commented-out code in a custom repository remains a difficult challenge for automated detection systems.

Frequently Asked Questions

Question: How did the developer safely inspect the malicious code?

Instead of cloning the repository to a local machine, the developer used a throwaway Virtual Private Server (VPS) on Hetzner. They then utilized an AI agent in read-only mode with limited tools (read, grep, find, ls) to scan the codebase for suspicious activity, ensuring the code could not execute during the inspection process.

Question: Why was the backdoor hidden in a test file?

Attackers often hide malicious code in test directories because these files are frequently overlooked during manual reviews. By disguising the payload as part of a test suite and surrounding it with commented-out code, the attackers hoped it would be dismissed as non-functional or legacy code by the developer.

Question: What is the significance of the "prepare" script in this attack?

The prepare script is a built-in NPM lifecycle hook. By wiring the malicious code into this script, the attackers ensured that the backdoor would run automatically as soon as the developer ran npm install or any other command that triggers the preparation phase, requiring no further action from the victim to compromise the system.

Related News

Meituan Unveils LongCat-2.0: A 1.6 Trillion Parameter Model Optimized for Agentic Coding on Domestic Clusters
Industry News

Meituan Unveils LongCat-2.0: A 1.6 Trillion Parameter Model Optimized for Agentic Coding on Domestic Clusters

Meituan's technology team has officially released LongCat-2.0, a landmark large language model featuring 1.6 trillion parameters. This model distinguishes itself as the first of its scale to complete the entire training and inference lifecycle on a domestic computing cluster of 50,000 cards. Designed specifically for Agentic Coding, LongCat-2.0 supports a native 1M long-context window and was pre-trained from scratch. With a dynamic activation range between 33B and 56B (averaging 48B), the model is engineered to provide high efficiency and stability in complex code understanding, generation, and execution tasks. This release marks a significant milestone for domestic AI infrastructure and the evolution of autonomous coding agents.

Meituan Technical Team Presents Selected Academic Papers at ICML 2026 to Advance Machine Learning Research
Industry News

Meituan Technical Team Presents Selected Academic Papers at ICML 2026 to Advance Machine Learning Research

The Meituan Technical Team has announced its participation in the International Conference on Machine Learning (ICML) 2026, one of the world's most influential academic gatherings in the field. ICML 2026 serves as a critical platform for discussing the future challenges and core issues facing machine learning development. Meituan's involvement includes the presentation of selected academic papers that have been evaluated for their significant theoretical value and practical impact. By contributing to this top-tier conference, the Meituan Technical Team aims to push the boundaries of the field and help lead future research directions. This engagement highlights the team's commitment to high-quality research that addresses both the fundamental questions of machine learning and its real-world applications, reinforcing their position within the global technical community.

Meituan Fulfillment AI Team Showcases LLM-Based Agent Innovations and Self-Evolving Systems at ACL 2026
Industry News

Meituan Fulfillment AI Team Showcases LLM-Based Agent Innovations and Self-Evolving Systems at ACL 2026

The Meituan Fulfillment AI Algorithm Team has unveiled its latest advancements in Large Language Model (LLM)-based Agent technology at a special session for the ACL 2026 conference. Focused on empowering Meituan's fulfillment business, the team is developing a self-evolving Agent operating system. Their research, which has resulted in dozens of publications in top-tier venues like ACL and EMNLP, spans critical domains including Continuous Pre-training (CPT), Post-training, Agentic Reinforcement Learning (RL), and Multimodal Understanding. This initiative represents a significant step in integrating frontier AI research with large-scale industrial fulfillment operations, aiming to enhance efficiency and system autonomy through advanced machine learning techniques.