Trojan Virus in React Project!!
Recently, someone invited me to work on a React project. The job seemed suspicious, and I had doubts. Usually, if it's a scam, they send files containing malicious code. However, in this case, they asked for my GitHub username to send me an invite to a repository. Everything seemed legit, but I still felt something was off.
I downloaded the code, which contained two folders—one for the frontend (React) and one for the backend (Node.js). After running the project, I noticed that Python was installed in the background, along with Python scripts running and requesting permissions.
I installed Malwarebytes, and it detected a TROJAN. I still have no idea how the Node.js project installed the malware.
I still have the code—can someone help me investigate this?
7 Replies
did you open it in an ide, and if so which one?
U must check package.json file carefully. There are operations. Each operation carefully and also check config, .env files something like. These files can contain malwarebytes commonly. It's so dangerous. Once you ran npm run start, your computer will be fully managed under hacker
yes vscode
hmm
are you using windows?
package.json has nothing weird, also the .env. i think the node server downloaded the malware after i ran the project
yes win11
interesting
could you zip it up and send it to me?
i'll take a look
False positives in scanners are possible, but I'd be extra careful. It's not like python + node are rare combinations, but I don't like python being installed automatically.
At this point simply resolve it with repo author, who invited you. If you don't know them and it seems fishy, drop the job and report the repo.
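The thread suggests checking package.json scripts and suspects the Node server fetched the malware at run time. The following is an added example, not code from the thread or the repository in question: a static triage pass that reads file contents as text and executes nothing from the repo. The indicator list, the line-length threshold and the sample input are assumptions constructed for illustration.

```javascript
// Added example (not from the thread): static triage of a cloned Node.js repo,
// run on file contents only; nothing from the repo is executed.

// Scripts npm runs implicitly on `npm install` and `npm run start`.
const AUTO_SCRIPTS = ["preinstall", "install", "postinstall", "prepare",
                      "prestart", "start", "poststart"];

// Heuristic indicators (assumed list, tune for your own review).
const INDICATORS = [
  ["spawns processes", /\bchild_process\b/],
  ["dynamic code execution", /\beval\s*\(|\bnew\s+Function\s*\(/],
  ["base64 decoding", /Buffer\.from\([^)]*["']base64["']|\batob\s*\(/],
  ["network fetch", /\bhttps?\.(get|request)\s*\(|\bfetch\s*\(|\baxios\b/],
];
const LONG_LINE = 500; // obfuscated payloads often sit on one huge line

// Return the auto-run scripts declared in a package.json given as text.
function auditPackageJson(text) {
  const scripts = JSON.parse(text).scripts || {};
  return AUTO_SCRIPTS.filter((n) => n in scripts)
    .map((n) => ({ script: n, command: scripts[n] }));
}

// Return one finding per indicator hit, with file path and line number.
function auditSource(path, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const [label, re] of INDICATORS) {
      if (re.test(line)) findings.push({ path, line: i + 1, label });
    }
    if (line.length > LONG_LINE) findings.push({ path, line: i + 1, label: "very long line" });
  });
  return findings;
}

// Constructed sample input (not the code from the thread).
const samplePkg = JSON.stringify({
  scripts: { start: "node server.js", postinstall: "node scripts/setup.js", test: "jest" },
});
const sampleSrc = [
  'const express = require("express");',
  'const { exec } = require("child_process");',
  'const payload = Buffer.from(process.env.CFG, "base64").toString();',
  "eval(payload);",
].join("\n");

console.log(auditPackageJson(samplePkg));
console.log(auditSource("backend/server.js", sampleSrc));
```

A hit is a prompt to read that line, not a verdict; legitimate backends also spawn processes and make network requests.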