How I Found a Fake Job Assessment Repo Hiding Malware Inside SVG Files
A developer discovered a fake job assessment repository that contained malware hidden within SVG files. Initially appearing legitimate, the repository's code included suspicious scripts that reconstructed and executed a hidden payload. The investigation revealed that the SVG comments were used to distribute malicious code, functioning as a stealer/dropper with persistence.
- ▪The developer found a GitHub repository linked to a job assessment that contained malware.
- ▪The malicious code was hidden within SVG files, utilizing comments to store base64-encoded payloads.
- ▪The payload was designed to gather sensitive information from the user's machine.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 263121) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } Aashish Posted on May 27 How I Found a Fake Job Assessment Repo Hiding Malware Inside SVG Files #webdev #security #career #hiring Like a lot of developers in this market, I’ve been taking freelance assessments and Discord job leads more seriously than I normally would. One of those assessments turned into a malware investigation. One day, I saw a post in a Discord server looking for a fullstack dev. I pitched.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).
Discussion
0 commentsMore from DEV.to (Top)
