Comment by satvikpendem

Those are known scams. They usually reside in sanctioned countries like North Korea (but I've also gotten a lot of Chinese ones), and they make you bear any legal risk if they try to install backdoors in the client codebase. They also run the same scam with wanting your Upwork or similar credentials.