Supply Chain Attack v2: The Build Tool Trojan

Same Playbook, New Hiding Spot

If you read my previous write-up on the Dex-platform scam, you know the pattern: fake recruiter, polished repo, hidden malware. That attack hid its payload inside a fake npm package (tailwind-setting) loaded through tailwind.config.ts. This one is smarter. There's no malicious npm package to flag. No suspicious dependency to Google. The entire attack lives in three lines of vite.config.ts - a file that most developers ignore if it looks okay at first glance. ...

February 14, 2026 · 5 min · Aleksandar Nesovic

Deconstructing a Supply Chain Attack

The Message That Should Have Been Obvious

The LinkedIn message came from someone claiming to be a Paxos recruiter. For context, Paxos is a legitimate, well-funded blockchain infrastructure company. The kind of place where a recruitment message wouldn't be weird. But I was curious. How much effort do these scammers actually put in? So I engaged. A few messages back and forth. They mentioned a "first round" that would be the usual call to discuss the role. I made it clear I wasn't particularly interested in phone screening right now - too busy, maybe another time. ...

October 19, 2025 · 14 min · Aleksandar Nesovic