lazarusholic

Everyday is lazarus.dayβ

Npm Run Hack:Me - A Supply Chain Attack Journey

2025-03-10, ronxjansen
https://rxj.dev/posts/npm-run-hack-supply-chain-attack-journey/
#ContagiousInterview

Npm Run Hack:Me - A Supply Chain Attack Journey
I thought I was being recruited. In reality, I had just been hacked. I had given hackers user-level permissions to my system. All I had done was run npm run start.
How did I end up here?
I am a freelance developer - at least partly. Since I do freelancing on and off, my LinkedIn profile is pretty accurate. It includes a few of my previous employers, including a few blockchain and Web 3 related projects.
I frequently receive messages from recruiters in my inbox. At this point, I’m casually browsing for new freelance opportunities. And so far, Web 3 is exciting, fast-paced, and well-paying. So, yes, I was interested in another Web 3 project.
When a recruiter messaged me about a new Web3 project, my initial feeling was: “let’s see where this goes”. The recruiter’s profile looked legitimate - she had been on LinkedIn since …