How I Found a Fake Job Assessment Repo Hiding Malware Inside SVG Files

Like a lot of developers in this market, I’ve been taking freelance assessments and Discord job leads more seriously than I normally would.

One of those assessments turned into a malware investigation.

One day, I saw a post in a Discord server looking for a fullstack dev. I pitched. The reply looked routine at first: they DM’d me a requirements PDF for an assessment. I did not trust it, so I asked them to paste the requirements in the chat instead. They sent screenshots of the PDF, and it looked like a real assessment. Clean structure, clear expectations, nothing immediately screaming scam.

Then they invited me to a GitHub repo called E-commerce-template-12d46f3e. My first thought was that the name looked autogenerated, like they were appending random numbers for each assessment. That is when I started treating it like a security review, not a coding exercise.

What I checked first