BTC $61,901.75 -3.41%
ETH $1,758.63 -3.39%
BNB $563.76 -2.64%
XRP $1.05 -3.76%
SOL $74.76 -3.49%
TRX $0.3252 -1.84%
DOGE $0.0711 -3.27%
ADA $0.1573 -4.00%
BCH $235.55 -3.83%
LINK $7.83 -2.55%
HYPE $63.67 -6.29%
AAVE $94.30 -3.95%
SUI $0.7157 -2.86%
XLM $0.1809 -4.34%
ZEC $512.36 -5.71%
BTC $61,901.75 -3.41%
ETH $1,758.63 -3.39%
BNB $563.76 -2.64%
XRP $1.05 -3.76%
SOL $74.76 -3.49%
TRX $0.3252 -1.84%
DOGE $0.0711 -3.27%
ADA $0.1573 -4.00%
BCH $235.55 -3.83%
LINK $7.83 -2.55%
HYPE $63.67 -6.29%
AAVE $94.30 -3.95%
SUI $0.7157 -2.86%
XLM $0.1809 -4.34%
ZEC $512.36 -5.71%

慢雾余弦:求职者审代码中招“后门窃密”,私钥被直接扫走

2025-12-04 10:11:50
收藏

ChainCatcher 消息,慢雾余弦 @evilcos 提醒称,有 Web3 求职者在面试过程中遭遇恶意代码陷阱。事件中,攻击者冒充 @seracleofficial,要求求职者审阅并运行 Bitbucket 上的代码。受害者克隆代码后,程序立即扫描本地全部 .env 文件并窃取私钥等敏感信息。

慢雾方面指出,此类后门属于典型 stealer,可收集浏览器保存的密码、加密钱包助记词与私钥等隐私数据。专家强调,凡涉及可疑代码审查,务必在隔离环境中操作,避免在真实设备上直接运行以致遭受攻击。

app_icon
ChainCatcher 与创新者共建Web3世界