I had a fake job interview. It was a malware delivery chain.
A fake recruiter tried to turn VSCode workspace trust into silent code execution. Here is the attack chain, the infrastructure, and the IOCs.
Apr 29, 2026 · 17 min read

Articles tagged with #threat-intelligence

How 19 fake GitHub repositories across 17 accounts led from a Python dropper to a StealC-linked payload chain.

Update (2026-04-22, 13:33): I submitted this case to GitHub Support for campaign-level review. Ticket ID: 4313391. Further update (2026-04-23): I published a deeper technical follow-up covering the
