Sometimes the job interview just wants to gain code exec on your machine:
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted
️@mushu I wonder what the payload script contained
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu okay, why does she even HAVE that lever?
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️ -
@joshix @mushu interesting, I have never felt the need for this: https://www.jetbrains.com/help/idea/settings-tools-startup-tasks.html
Maybe something for other ecosystems...
-
Something I still don't understand (and didn't understand when I saw @0xabad1dea 's original post): why would crims target out-of-work developers, who are more tech-savvy than most people, probably don't have much money just now, and don't have access to company codebases?
@CppGuy maybe they hope the victims own some more popular repository or a package on something like npm so they can then infect developers who do have access to company stuff and have money. @mushu @0xabad1dea
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️Thanks to @cxiao for highlighting these:
https://www.jamf.com/blog/threat-actors-expand-abuse-of-visual-studio-code/
https://opensourcemalware.com/blog/contagious-interview-vscode.. I do know that the version of tokenlinux.sh I retrieved also downloads node and executes something with it.
-
@mushu I wonder what the payload script contained
@uint8_t might've been this: https://social.troll.academy/@mushu/115941118741449240
-
Thanks to @cxiao for highlighting these:
https://www.jamf.com/blog/threat-actors-expand-abuse-of-visual-studio-code/
https://opensourcemalware.com/blog/contagious-interview-vscode.. I do know that the version of tokenlinux.sh I retrieved also downloads node and executes something with it.
@mushu np, glad it didn't get you in this case and thanks for writing it up to warn others!
-
@zedaardv outch - sorry to hear that 🫤
I mean there are some cases where device surveillance makes sense from a compliance perspective, but it should never be a surprise and be clearly documented upfront.
@mushu Yeah, it was a weird place.
They wouldn't tell me what they wanted me to do, then got mad at me when I didn't do it.
Like I was supposed to be a mind reader.
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu "To me this is the visual language of Blockchain/NFT scams mixed with the butthole motifs that AI companies like so much."
Beautifully written
-
S skorpy@chaos.social shared this topic
