A LinkedIn recruiter pitched me a remote "Software Engineer at a DEX" project this week. Reasonable comp range, tech stack squarely in my wheelhouse. After a couple of friendly exchanges, she asked me to "review the codebase before the technical interview" and sent me a GitHub repo link plus a Calendly invite for the call.

The repo was malware. It didn't get me, but it's something developers should be aware of — especially in the current job market, when a lot of people are laid off and looking for jobs or projects.

This post walks through exactly what was in it, the three details I found genuinely clever (honestly, kind of impressive in a "wish they'd put this energy into something legit" way), and the single precaution that defeats the entire family of attacks like this one.

If you're an engineer who occasionally talks to recruiters on LinkedIn, this matters to you.

The catch

The repo (metabiteorg/NitroGem — reported to GitHub Trust & Safety, takedown pending) presents itself as a React + web3 dApp.…