Recently I received a few contacts through LinkedIn asking if I’d be interested in a little blockchain work. They would point to a GitHub repo and would ask if I could determine how to make some requested changes. These were all larger npm-based projects and the directions were to run it locally on your machine. Of course I wouldn’t run unknown code locally!

I’d run things on a fresh VM and invariably the code wouldn’t work. It appears one was trying to run a keylogger, another had upload libraries. The obfuscated code was added in files like jquery-min.js and other places to easily hide malware.

The scammers are getting more creative. Annoyingly so.