A Backdoor Disguised as a Job Offer Targets a Security Engineer
Full-stack engineer Roman Imankulov was contacted on LinkedIn by someone claiming to recruit for a cryptocurrency startup. The recruiter sent a GitHub repository to review. Imankulov used an AI agent to inspect the code, and the agent found a backdoor that would execute remote code on 'npm install'. The recruiter's profile was stolen from a real art journalist, and the repository's commit history was hijacked from another developer.