On LinkedIn and Upwork I've received a number of contacts saying they would like to hire for a few different reasons. One was for finding some problems with their Web3 site, another for adding features, another to change blockchains, others for similar reasons. They would point to a github account which invariably included some react based node and asked to look at what exists and then schedule a call to talk.
The scam here is they expect you to run some random npm on a windows box. This would search your machine for any wallet software, upload it elsewhere, and then install any other files from an offsite host. I'm not sure if any windows firewall or AV would catch the issue. The nasty code has been hiding in jquery-min.js and similar, deobfuscating the code shows a long list of potential wallet file locations to grab and the IP addresses of where to upload and also download further files.
I have no idea on the effectiveness of this approach as any real dev shouldn't run unknown software on a local machine. However the javascript was 500 lines of rather interesting code so there was some work put into the scam.
Thank you for sharing this. It's a crucial reminder to stay vigilant, especially in the Web3 space where scams can be sophisticated. Running any unknown npm packages, especially from unverified sources, is risky and can lead to severe security breaches. It's always best to use a sandbox or a virtual environment to test unknown code and thoroughly inspect it before running it on your machine. It's sad to see so much effort put into scams rather than building something constructive, but awareness like this can help others avoid falling victim. Stay safe!