A fake LinkedIn recruiter persona for DLMind steered developers toward a private GitHub assessment, AI-Healthcare, whose startup path fetched a staged JavaScript payload from loopsoft[.]tech:6168/defy/v8. The BeaverTail-style chain is described as a cross-platform infostealer and Socket.IO backdoor with VM checks, clipboard monitoring, keylogging, screenshots, file scanning, remote command execution, and Python payload deployment. It targeted browser credentials, macOS Keychain data, developer secrets, environment files, and cryptocurrency wallet artifacts across major browsers and wallet extensions. The decoded configuration exposed C2 and exfiltration infrastructure including 172[.]86[.]89[.]10:4382 and 88[.]218[.]0[.]78:1224, showing a recruitment lure built to compromise developer systems and steal high-value credentials.