A mysterious code scam

I recently received an email from someone - mike.gill.space@gmail.com - wanting some development work done. I suggested I'd be happy to find a team for them, and they sent me a Git repo to clone to take a look.

Needless to say, this Git repo got cloned in a fresh FreeBSD VM with exactly zero secrets on it. Not even my regular username, no SSH keys, etc.

It seems to be a pretty janky Next.js based SEO site for automobile parts ... with a bunch of ... gaming CSS and assets? ... embedded in it?

I'm going to keep stringing this along, see if I can work out what their end game is. It's like no scam / spam I've ever encountered before. So far they don't seem to be going after money or PII ... unless there's something nefarious hidden in that repo that would exfiltrate keys etc. upon being installed and run?

Let me know by email if you'd like a copy of the Git repo. I am not making it available for public download as it may be malicious in some way I haven't picked up on.
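
On the question of something running "upon being installed": the sketch below is an added example, not part of the original post and not taken from the repo in question. It assumes the clone contains npm-style package.json manifests (usual for a Next.js project) and lists the scripts npm would execute automatically during install, without running anything. The `audit_repo` name and the keyword heuristic are illustrative assumptions.

```python
import json
import os
import re
import sys

# npm runs these automatically during `npm install` (no explicit `npm run` needed).
INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
# Heuristic only (assumption): commands that fetch, decode or eval code.
RISKY = re.compile(r"\b(curl|wget|base64|eval|node\s+-e|powershell|bash\s+-c)\b", re.I)

def audit_repo(root):
    """Return (path, script_name, command, reasons) for scripts worth reading."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError) as exc:
            # A manifest that will not parse is itself worth a manual look.
            findings.append((path, "", "", [f"unreadable manifest: {exc}"]))
            continue
        scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
        if not isinstance(scripts, dict):
            continue
        for name, cmd in sorted(scripts.items()):
            reasons = []
            if name in INSTALL_HOOKS:
                reasons.append("runs automatically on npm install")
            if isinstance(cmd, str) and RISKY.search(cmd):
                reasons.append("fetches, decodes or evals code")
            if reasons:
                findings.append((path, name, str(cmd), reasons))
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, name, cmd, reasons in audit_repo(root):
        print(f"{path}: {name!r} -> {cmd!r} ({'; '.join(reasons)})")
```

This only covers install-time hooks in manifests; code that runs when the app itself is started still has to be read by hand, and `npm install --ignore-scripts` keeps the hooks from firing in the meantime.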
