I got completely owned by the most sophisticated hack I've ever encountered

2026-04-23 Turshija

https://archive.md/eb6sl


A developer describes a highly polished fake recruiting process that used a realistic company website, apparent HR and engineering interviews, and a coding challenge to persuade the victim to run a supplied repository. The visible repo appeared clean, but a dependency chain introduced [email protected] and [email protected], which executed a shell script and attempted to install a Go backdoor on macOS. The backdoor used a custom RC4-encrypted protocol and supported shell execution, file theft, Chrome password extraction, Keychain exfiltration, and crypto wallet targeting. The victim noticed a macOS background-process prompt for patch.sh, disconnected quickly, and later found Chrome passwords, Keychain data, and MetaMask wallet data had been accessed within about a minute. The case is useful for tracking developer-targeted social engineering because it shows how trust-building interviews can hide malicious dependency execution rather than obvious malicious code in the top-level repository.
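The mechanism in this summary is worth checking for mechanically: the top-level repository looked clean, and the code that ran during `npm install` lived in a transitive dependency's lifecycle script. The following is an added example, not code from the post or the aggregator, of a small audit that walks a `node_modules` tree (nested copies included), lists every package declaring a `preinstall`, `install` or `postinstall` hook, and flags the ones that hand control to a shell, a downloader or a `.sh` file. The sample tree it builds is constructed for the demonstration; the package names (`clean-direct-dep`, `hidden-transitive-dep`, `native-addon`) are placeholders and not the packages from the incident, and the `patch.sh` file name is taken from the summary only as a sample command string.

```python
import json
import os
import tempfile

# Lifecycle scripts npm runs automatically while installing a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Tokens that suggest a hook invokes a shell/interpreter or fetches remote content.
# Heuristic only: a hit means "read this before installing", not proof of malice.
SUSPICIOUS_TOKENS = {"sh", "bash", "zsh", "curl", "wget", "python", "python3", "osascript"}


def find_install_hooks(node_modules_dir):
    """Return sorted (package, hook, command) triples for every package under
    node_modules_dir, including nested node_modules, that declares an install hook."""
    findings = []
    for root, _dirs, files in os.walk(node_modules_dir):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(root, "package.json"), encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it rather than abort the audit
        scripts = meta.get("scripts")
        if not isinstance(scripts, dict):
            continue
        name = meta.get("name") or os.path.relpath(root, node_modules_dir)
        for hook in INSTALL_HOOKS:
            cmd = scripts.get(hook)
            if isinstance(cmd, str) and cmd.strip():
                findings.append((name, hook, cmd))
    return sorted(findings)


def is_suspicious(command):
    """Flag a hook command that calls a shell/interpreter/downloader or a .sh script."""
    tokens = command.replace("&&", " ").replace("||", " ").replace(";", " ").replace("|", " ").split()
    return any(os.path.basename(t) in SUSPICIOUS_TOKENS or t.endswith(".sh") for t in tokens)


def _write_manifest(pkg_dir, manifest):
    os.makedirs(pkg_dir, exist_ok=True)
    with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh)


def build_sample_tree(base):
    """Constructed node_modules tree (placeholder names, not the incident's packages):
    a clean direct dependency whose nested transitive dependency carries a postinstall
    hook that runs a shell script, plus a native add-on with a build-time install hook."""
    nm = os.path.join(base, "node_modules")
    _write_manifest(os.path.join(nm, "clean-direct-dep"),
                    {"name": "clean-direct-dep", "version": "1.0.0", "scripts": {"test": "jest"}})
    _write_manifest(os.path.join(nm, "clean-direct-dep", "node_modules", "hidden-transitive-dep"),
                    {"name": "hidden-transitive-dep", "version": "0.0.1",
                     "scripts": {"postinstall": "sh patch.sh"}})
    _write_manifest(os.path.join(nm, "native-addon"),
                    {"name": "native-addon", "version": "2.3.4", "scripts": {"install": "node-gyp rebuild"}})
    return nm


def audit_sample():
    """Build the constructed tree in a temporary directory and return
    (all install hooks found, the subset flagged as suspicious)."""
    with tempfile.TemporaryDirectory() as tmp:
        hooks = find_install_hooks(build_sample_tree(tmp))
    flagged = [f for f in hooks if is_suspicious(f[2])]
    return hooks, flagged


if __name__ == "__main__":
    all_hooks, flagged = audit_sample()
    for name, hook, cmd in all_hooks:
        marker = "REVIEW" if (name, hook, cmd) in flagged else "ok?"
        print(f"[{marker}] {name}: {hook} -> {cmd}")
```

To run this against a real checkout, call `find_install_hooks("path/to/repo/node_modules")` after an install performed with scripts disabled (`npm install --ignore-scripts`, or `npm config set ignore-scripts true` for the machine), so the hooks are listed before any of them has executed; a native add-on like the `node-gyp rebuild` case above will show up too, which is why the output is a review list rather than a verdict.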
