I was reached out to by a "recruiter" on LinkedIn who asked me to perform a task to show competency.
I ran some of the code through ChatGPT and found a malicious backdoor.
The malicious code is here: https://bitbucket.org/screening_assessment/mike_dex_challenge/src/main/server/controllers/orderController.js
GPT says:

exports.getCookie ... )(); is immediately invoked at module load (IIFE), so it runs as soon as the controller is required. It fetches remote data from api.mocki.io/... and passes res.data.cookie straight into errorHandler. errorHandler uses new (Function.constructor)('require', errCode) and then executes it with handlerFunc(require). That is equivalent to new Function('require', '<REMOTE CODE HERE>')(require), i.e. arbitrary code execution with access to Node’s require. This is a classic RCE backdoor / remote loader.
Can someone please remove this repo?
Welcome to Atlassian Community!
Please reach out to abuse@atlassian.com and that team will investigate. Please note that they will not reach out to you, but they will take action on it.