A LinkedIn Job Offer Tried to Install Malware on My Machine
Contents
Here's exactly how it worked, who did it, and how to protect yourself.
On January 21, 2026, I received a LinkedIn message about a freelance opportunity. A real estate tech platform, $600,000-$800,000 budget, needed someone to evaluate their codebase. The profile looked legitimate. The company existed. The budget was attractive.
The message led to a GitLab repository containing a trojanized Node.js application - a targeted supply-chain attack designed to abuse npm's lifecycle hooks and deploy a multi-stage credential-theft and command-and-control payload.
This article is a warning. I'm sharing everything: the profile, the malicious code, the infrastructure, the red flags I missed. If even one developer avoids this scam because of this post, it's worth publishing.
The Setup
The LinkedIn message came from someone named "Rajinder Mudhar" - Branch Manager at FINE PROPERTY(UK) LTD, FCA Regulated, based in London. The profile had 500+ connections and a verified badge. One detail stood out in retrospect: "Rajinder hasn't …
On January 21, 2026, I received a LinkedIn message about a freelance opportunity. A real estate tech platform, $600,000-$800,000 budget, needed someone to evaluate their codebase. The profile looked legitimate. The company existed. The budget was attractive.
The message led to a GitLab repository containing a trojanized Node.js application - a targeted supply-chain attack designed to abuse npm's lifecycle hooks and deploy a multi-stage credential-theft and command-and-control payload.
This article is a warning. I'm sharing everything: the profile, the malicious code, the infrastructure, the red flags I missed. If even one developer avoids this scam because of this post, it's worth publishing.
The Setup
The LinkedIn message came from someone named "Rajinder Mudhar" - Branch Manager at FINE PROPERTY(UK) LTD, FCA Regulated, based in London. The profile had 500+ connections and a verified badge. One detail stood out in retrospect: "Rajinder hasn't …
IoC
https://jsonkeeper.com/b/ARL7M
http://144.172.108.57:4896/upload
https://gitlab.com/nielsottore-oss/realestatevc
https://calendly.com/jack-murray-tech
144.172.108.57
[email protected]
098f6bcd4621d373cade4e832627b4f6
http://144.172.108.57:4896/upload
https://gitlab.com/nielsottore-oss/realestatevc
https://calendly.com/jack-murray-tech
144.172.108.57
[email protected]
098f6bcd4621d373cade4e832627b4f6