I am absolutely stunned that you just were absolutely okay with a random stranger sending you a message like this and then you do it.
Yes it's really good that you are doing a PSA but there needs to be another PSA on top of this.
The PSA shouldn't be to be careful. The PSA should be literally not to trust people you don't first initiate contact with to do something as "personal" as compile their code without reading it first.
Does a sight unseen code review usually start with compiling?
Should you trust a random crypto person?
If four to five times in the last 6 months this happened to you then I'm also wondering what other things you have participated in were also scams.
You just seem really trusting.
What type of code, and how were you running it? E.g., was it an npm install, a make build, something else?
Usually it's Node.js with React (that's my expertise). It looks legit at first glance, but it might contain some obfuscated code somewhere on startup. That's what one project had. I checked the GitHub a day later and it was deleted.
Aren't a lot of these delivering malware by pre-commit hooks?
I don't know, but the files themselves were malware. Are you saying they write the exploit on a pre-commit hook? What good would that do? I'm not committing any code. It would never execute.