Caught malicious code during a code review on the platfrom - Be careful out there!

Published Nov 11, 2024

Hey everyone,

I wanted to share a concerning experience I had recently while working on CodeMentor.

I think it's important to raise awareness about this type of scam.

The Situation:

Client asked me to review their code, seemed normal at first
Red flag #1: They were oddly insistent about getting screenshots
Red flag #2: Found suspicious obfuscated code hidden in their Tailwind implementation

What I Found:

After deobfuscating the code, discovered it was trying to steal browser information
Found a hardcoded IP address (45.128.52.14) where the stolen data was being sent
Did some digging: The IP belongs a company in UK

Lessons Learned:

Always be suspicious of obfuscated code in simple projects
Be extra careful when clients insist on screenshots or screen sharing
Take time to review ALL code, even styling files
Report suspicious activities to the platform immediately

What I did:

Reported the user to CodeMentor
Contacted the hosting provider's abuse department
Documented everything for future reference

Has anyone encountered similar scams on coding platforms?
What other red flags should we watch out for?

Stay safe out there, fellow developers!

Security Investigations Tailwind css JavaScript Data Security engineering

Report

Enjoy this post? Give Nabil CHIHEB a like if it's helpful.

Nabil CHIHEB

Full-stack developer focused on AI-powered SaaS solutions

Hi there! I'm a full-stack developer with expertise in building AI-powered SaaS solutions. I’ve worked on projects ranging from CRMs to APIs, specializing in Laravel, Vue.js, and AI integrations.

Discover and read more posts from Nabil CHIHEB

get started