New update. Read at the bottom ⏬
I received this email: from sender: admin@autosquare.store
Figma design link: https://www.figma.com/design/3p...
Scary what AI is going to do to scams
Thank you
holy shit, I just received it and checked
I received the same email and clicked on the Figma link. I want to confirm if there’s any problem just because I clicked on the link, even if I didn’t interact further.
I don't think the figma link is compromised in any way. It's just a detail they use to make you think it's a real project.
From what I know and what I saw in the code, the malware activates only when you start the project, when you run `npm run start`. Until then the car.dll malware does not run, I think.
Warning! It is possible to run malware when you run `npm install`, but I don't think it's the case with this one.
Received this email a few hours ago, thanks for writing this.
Thanks for taking the time to share it!
I received the same email from hr@autosquare.tech and I smell something rare about them sharing the design with me without any previous contact
I also received an email from them recently, thanks for writing this
I just joined dev.to for this. Thank you.
P.S. I received an email from contact@autosquare.tech; their Figma work is quite impressive.
Thanks for your perfect analysis!
given a public source was unusual behavior... Luckily, I used a VM.
Thank you, I just received an email similar to these.
Thank you for sharing this. I had received the same email 22nd Nov. 11 days ago. I received from admin@autosquare.shop
People seeing recruitment emails on their mailbox being all happy that they jump into the contents without thinking!
Thanks for making me aware 👀
Thanks a lot! I got this exact mail today. I was convinced that was a legit recruitment mail. Glad I was digging deeper and found your post. Thanks for saving me!!
Update! The Bitbucket repository has been deleted! The account seems to be deleted too.
And the figma file is private now.
Wow. I almost fell for this. Just received the email and I was wondering why a recruitment email was marked as spam
Please, I have already installed this. Do you have any tips on what I can do to kill the malware?
I'm not sure how this malware works, I'm not a cybersecurity researcher.
I think this has the ability to download any other malware from those external network calls.
In general it's advised to do a full scan with antivirus software, either the Windows Defender included in Windows or any of Avast, Bitdefender or Malwarebytes. All of these have a free version.
Also, I forgot to include in the article, the car.dll (or any .dll) malware only applies to Windows OS! If you use Mac or Linux you should be safe from car.dll.
However you are not safe from the obfuscated JS code. I updated the article detailing what I found about this code; the TL;DR is that it tries to steal your session cookies, saved passwords, and Solana wallet, from all major browsers on both Mac and Windows.
I would recommend you change passwords for your most important accounts and log out from every device in order to invalidate any session cookies that this malware could have stolen.
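Following up on the comments above about `npm run start` and `npm install`: this added example (not from the original post or any commenter) lists which `package.json` scripts npm would execute for each command, so they can be read before anything runs. The sample `package.json`, the `auditScripts` name and the heuristics are constructed for illustration and are not the contents of the repository discussed here.

```javascript
// Lifecycle scripts npm runs automatically, in order, for each command.
const AUTO_RUN = {
  "npm install": ["preinstall", "install", "postinstall",
                  "prepublish", "preprepare", "prepare", "postprepare"],
  "npm run start": ["prestart", "start", "poststart"],
};

// Heuristics (assumptions, not a malware signature): things an install or
// start script in a web project rarely needs to do.
const SUSPICIOUS = [
  { label: "references a DLL", re: /rundll32|regsvr32|\.dll\b/i },
  { label: "downloads content", re: /\b(curl|wget|Invoke-WebRequest)\b|https?:\/\//i },
  { label: "spawns another shell", re: /\b(powershell|cmd(\.exe)?\s+\/c|bash\s+-c|sh\s+-c)\b/i },
  { label: "inline node eval", re: /\bnode\s+(-e|--eval)\b/i },
];

// Returns one finding per script that `npm install` or `npm run start` would
// execute. Only the top-level package.json is inspected; dependencies can
// carry install scripts of their own.
function auditScripts(packageJsonText) {
  const scripts = JSON.parse(packageJsonText).scripts || {};
  const findings = [];
  for (const [command, hooks] of Object.entries(AUTO_RUN)) {
    for (const hook of hooks) {
      const body = scripts[hook];
      if (typeof body !== "string") continue;
      const flags = SUSPICIOUS.filter((s) => s.re.test(body)).map((s) => s.label);
      findings.push({ command, hook, body, flags });
    }
  }
  return findings;
}

// Constructed sample input.
const SAMPLE = JSON.stringify({
  name: "constructed-sample",
  scripts: {
    postinstall: "node scripts/setup.js",
    start: "node server.js && node tools/load.js assets/example.dll",
    test: "jest",
  },
});

for (const f of auditScripts(SAMPLE)) {
  const flags = f.flags.join(", ") || "no flags, read it anyway";
  console.log(`${f.command} -> ${f.hook}: ${f.body}  [${flags}]`);
}
```

An unflagged script can still call a file that does the damage, so every listed script and the files it invokes should be read. `npm install --ignore-scripts` installs dependencies without running lifecycle scripts.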