Ask HN: Possible fake recruiter sending malware to developers

Hi, I have some rumors of a recruiter sending malware to applicants.

It was reported to me directly that 4 different people from the Brazilian financial sector were approached by a recruiter on Linkedin, I checked up their profile and their profile supposedly works to Grayscale[1][2].

After talking to the recruiter they get a python code assignment, with a zip file. All of them reported that after running this code their machine got slower and they got login attempts on their emails.

A few things:

* At this very moment I have no idea if the recruiter even works for the company and/or if they know it is a malware. * I'm no infosec expert, but I have the zip file with me, was able to recreate on a VM the malicious behavior.

Question:

* Anyone here has contact with Grayscale Investments[1][2] to confirm this is their real recruiter?

[1] https://www.linkedin.com/company/grayscale-investments/

[2] https://grayscale.com/

2 points | by jeanlucas 510 days ago

1 comments

  • Trouble_007 510 days ago 

      Is this part of the recruitment test? - Who runs un-scanned code on bare-metal?
    [-]
    • jeanlucas 510 days ago
      Looks like several people do, but about that... Looks like the profile was changed/update just a week ago, probably someone lost their account to this malware, and they are using the new linkedin accounts for this.
    • quickthrower2 510 days ago
      Everyone who has a laptop and node package manager