Protecting Yourself from LinkedIn Scams: How to Stay Safe in the Web3 Era

2023-11-06 Coinmonks

https://medium.com/coinmonks/protecting-yourself-from-linkedin-scams-how-to-stay-safe-in-the-web3-era-25e6b0566fa6

The source describes a LinkedIn job scam aimed at Web3 developers in which the attacker sent an archive of a repository rather than a simple executable. Analysis of the project found an obfuscated next.setup.js file that would run after dependency installation and project startup, then target browser profile paths, wallet extension storage, and a Solana id.json file. The authors noted possible follow-on download behavior through a p2.zip reference and compared the tradecraft to a Lazarus-linked campaign, while stressing that this sample was lower quality and collected data directly without a loader. The case is useful for tracking developer-focused social engineering and malicious repository delivery, but it should not be treated as firm Lazarus attribution beyond the source wording.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | officercia.mirror.xyz | 2023-11-06 | 2023-11-06 |
