WARNING TO DEVELOPERS: A new wave of “technical test scams” is targeting devs
Source: Dev.to
How the scam works (same pattern every time)
- A “recruiter” (sometimes pretending to be a CEO/HR) contacts you.
- The job looks amazing — above‑market salary, remote position, paid in USD, etc.
- They ask for your CV and GitHub.
- They say you’re “approved for the next stage” without any real interview.
- Before the call, they send you a codebase to review or modify as a “technical test.”
Running the project, or simply installing its dependencies, executes a malicious script hidden inside the dependencies. That gives the attacker remote code execution on your machine and access to whatever it holds, especially browser wallets and local credentials (SSH keys, API tokens, .env files).
Real cases from the community
Allan Lancioni
He reverse‑engineered an actual attack. The project contained scripts that enabled code injection and crypto‑wallet theft.
His post (highly recommended):
Como identifiquei um golpe em teste técnico – análise real (How I identified a technical-test scam: a real analysis)
João Pessoa
He received a suspicious repo as a “technical test.” In the package.json he found:
```jsonc
{
  "dependencies": {
    "fs": "0.0.1-security", // placeholder npm publishes after removing a malicious package
    "execp": "0.0.1",       // malicious package designed to execute arbitrary commands
    "request": "^2.88.2"    // deprecated and vulnerable
  }
}
```
The remote-code-execution payload, hidden in dark.min.js, was base64-encoded and executed with atob + eval, so a quick read of the file shows only an opaque string rather than the commands it runs.
His post:
Muhammad Ramadhani
Received an almost identical project with the same malicious dependencies. His warning went viral in the Web3 community.
Profile:
My personal case
Yes — they tried this with me too.
Red flags
- The company claimed to be “X”, but the recruiter used a gmail.com address.
- The repo had zero relation to the company name.
- The project involved crypto (again, same pattern).
- The code structure was suspicious.
- They pushed me to run the project before any technical call.
Repo I received
mega-org99/Coinpromoting_dApp-
Allan even replied saying the repo he received was extremely similar:
megaorg991/tokentradingdapp
Same structure, same dependencies, same modus operandi — probably the same group.
My intuition kicked in — and I dropped the process immediately. Better to lose a “job opportunity” than compromise my machine, accounts, and data.
How to protect yourself (practical checklist)
- Never run `npm install`, `yarn`, or `pip install` on unknown projects. Open the dependency files first (package.json, package-lock.json, requirements.txt) and look for suspicious packages, single-version modules, weird names, and install-time hooks (preinstall/postinstall scripts). If you must install to inspect further, use `npm install --ignore-scripts` inside a disposable VM or container, never on the machine that holds your wallets, SSH keys and tokens.
- Be skeptical of any test sent before a real conversation. Scammers skip interviews; they push codebases.
- Check the recruiter's email and company domain. A gmail.com address for a named company is a red flag.
- Ask for a technical explanation of the project. Scammers avoid calls.
- Use ChatGPT (or another AI) to help analyze suspicious code. Pasting the dependency list and any minified files can surface known-bad patterns quickly, but treat it as a triage aid, not a verdict: it can miss encoded payloads and be fooled by obfuscation, so still read the install scripts yourself.
- If an offer seems too good to be true, it probably is. High salary + "easy test" + no interview = scam formula.
Final reminder
This isn’t paranoia — it’s protection. Scammers target developers because:
- Developers run code.
- Developers store SSH keys, API tokens, environment secrets.
- Developers often have corporate access.
- Developers trust “technical tests” too easily.
- Developers working with Web3/crypto are especially vulnerable.
If something feels off, walk away. Your instinct is a security tool. Stay safe. Audit everything. Trust nothing blindly.