New update. Read at the bottom ⏬
I received this email: from sender: admin@autosquare.store
Figma design link: https://www.figma.com/design/3p...
Scary what AI is going to do to scams
Thank you
holy shit, I just received it and checked
I received the same email and clicked on the Figma link. I want to confirm if there’s any problem just because I clicked on the link, even if I didn’t interact further.
I don't think the figma link is compromised in any way. It's just a detail they use to make you think it's a real project.
From what I know and what I saw in the code, the malware activates only when you start the project, when you run `npm run start`. Until then the car.dll malware does not run, I think.
Warning! It is possible to run malware when you run `npm install` but I don't think it's the case with this one.
Received this email a few hours ago, thanks for writing this.
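The difference between install-time and start-time execution mentioned above can be checked before running anything. The following is an added example, not part of the thread and not code from the repository discussed: it parses a package.json as data and lists the lifecycle scripts npm would run on `npm install` and on `npm run start`. The sample package.json and its script commands are constructed for illustration.

```javascript
// Added example, not code from the thread: list what npm would execute for a
// project by parsing package.json as data. Nothing from the project is run.

// Hooks npm runs for the project's own package.json on a plain `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall',
  'prepublish', 'preprepare', 'prepare', 'postprepare'];
// Hooks npm runs for `npm run start` / `npm start`.
const START_HOOKS = ['prestart', 'start', 'poststart'];

function auditScripts(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const scripts = pkg && typeof pkg.scripts === 'object' && pkg.scripts
    ? pkg.scripts : {};
  const pick = (names) => names
    .filter((name) => typeof scripts[name] === 'string')
    .map((name) => ({ hook: name, command: scripts[name] }));
  return { onInstall: pick(INSTALL_HOOKS), onStart: pick(START_HOOKS) };
}

function formatReport(report) {
  const section = (title, entries) => [title].concat(entries.length
    ? entries.map((e) => `  ${e.hook}: ${e.command}`)
    : ['  (none)']);
  return section('Runs on npm install:', report.onInstall)
    .concat(section('Runs on npm run start:', report.onStart))
    .join('\n');
}

// Constructed sample, not the package.json from the repository discussed here.
const SAMPLE = JSON.stringify({
  name: 'constructed-sample',
  scripts: {
    postinstall: 'node ./tools/setup.js',
    start: 'node server/index.js',
    test: 'jest',
  },
});

// With a file path argument (CommonJS), audit that file; otherwise the sample.
const file = process.argv[2];
const text = file && typeof require === 'function'
  ? require('fs').readFileSync(file, 'utf8') : SAMPLE;
console.log(formatReport(auditScripts(text)));
```

This only covers the project's top-level package.json; dependencies can declare their own install scripts, which `npm install --ignore-scripts` skips along with the project's.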
Thanks for taking the time to share it!
I received the same email from hr@autosquare.tech and I smell something rare about them sharing the design with me without any previous contact.
People seeing recruitment emails in their mailbox being all happy that they jump into the contents without thinking!
I also received an email from them recently, thanks for writing this
Thank you for sharing this. I had received the same email on 22nd Nov, 11 days ago. I received it from admin@autosquare.shop
Thank you, I just received an email similar to these.
I just joined dev.to for this. Thank you.
P.S. I received an email from contact@autosquare.tech; their Figma work is quite impressive.
Thanks for your perfect analysis!
given a public source was unusual behavior... Luckily, I used a VM.
Thanks for making me aware 👀
Thanks a lot! I got this exact mail today. I was convinced that was a legit recruitment mail. Glad I was digging deeper and found your post. Thanks for saving me!!
Update! The Bitbucket repository has been deleted! The account seems to be deleted too.
And the Figma file is private now.
Please, I have already installed this. Do you have any tips on what I can do to kill the malware?
I'm not sure how this malware works, I'm not a cybersecurity researcher.
I think this has the ability to download any other malware from those external network calls.
In general it's advised to do a full scan with antivirus software, either the Windows Defender included in Windows or any of Avast, Bitdefender or Malwarebytes. All of these have a free version.
Also, I forgot to include in the article: the car.dll (or any .dll) malware only applies to Windows OS! If you use Mac or Linux you should be safe from car.dll.
However, you are not safe from the obfuscated JS code. I updated the article detailing what I found about this code; the TL;DR is that it tries to steal your session cookies, saved passwords, and Solana wallet, from all major browsers on both Mac and Windows.
I would recommend you change passwords for your most important accounts and log out from any device in order to invalidate any session cookies that this malware could have stolen.
Wow. I almost fell for this. Just received the email and I was wondering why a recruitment email was marked as spam.