Sometimes the job interview just wants to gain code exec on your machine:
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted
️ -
S svenja@mstdn.games shared this topic
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu that is crazy... thanks for posting about it.
Is it just me, or could the dialog be a little more specific about WHAT it automatically executes? And: why do I want my IDE to automatically execute stuff in a repo I open? What is the positive use case of such a feature? (I am an IntelliJ user, so that is a genuine question)
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu I hate how many inexperienced or unsuspecting devs are gonna fall for this
-
@mushu that is crazy... thanks for posting about it.
Is it just me, or could the dialog be a little more specific about WHAT it automatically executes? And: why do I want my IDE to automatically execute stuff in a repo I open? What is the positive use case of such a feature? (I am an IntelliJ user, so that is a genuine question)
@morl99 yes, I agree it could be more explicit. That'd also aid with the step of attackers trying to obfuscate the code execution by adding whitespace in the json.
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu oh no, how rude of them! Thanks for sharing and good luck in your job search!
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu sorry, non techie here: iiuc you detected foul play in the depository. Would it have infected your machine? Done something else?
-
@mushu sorry, non techie here: iiuc you detected foul play in the depository. Would it have infected your machine? Done something else?
@temptoetiam hey
yes - I was lucky to detect foul play and happened to be careful.I found that software would've run that loaded and executed other software. From what I could see the setup in the end was one where my machine would've executed whatever the attackers wanted with user privileges.
I'm not 100% sure what the endgame would've been. Could've gone for ransomware, information stealing, botnets you name it.
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu oh yes, putting a lot of whitespace at the start of a command is a classic in roblox malware
-
@mushu I hate how many inexperienced or unsuspecting devs are gonna fall for this
@codecat yeah, that's sad indeed.
-
@mushu that is crazy... thanks for posting about it.
Is it just me, or could the dialog be a little more specific about WHAT it automatically executes? And: why do I want my IDE to automatically execute stuff in a repo I open? What is the positive use case of such a feature? (I am an IntelliJ user, so that is a genuine question)
-
@temptoetiam hey
yes - I was lucky to detect foul play and happened to be careful.I found that software would've run that loaded and executed other software. From what I could see the setup in the end was one where my machine would've executed whatever the attackers wanted with user privileges.
I'm not 100% sure what the endgame would've been. Could've gone for ransomware, information stealing, botnets you name it.
@mushu thank you very much for your kind explanation!
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu Chripes, that sounds like a major misfeature in vscode.
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu That's called dodging a bullet
-
@mushu Chripes, that sounds like a major misfeature in vscode.
@sol_hsa yeah - I also think it's bigger than a single editor. Jetbrains does it too: https://www.jetbrains.com/help/idea/project-security.html
Not even starting to think about editors that are more 'AI enabled' ^^
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu Maybe the real coding challenge was getting their repos deleted and now they'll offer you a job as their head of cyber security?
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu I hope you find less adversarial prospective employers!
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️Something I still don't understand (and didn't understand when I saw @0xabad1dea 's original post): why would crims target out-of-work developers, who are more tech-savvy than most people, probably don't have much money just now, and don't have access to company codebases?
-
Something I still don't understand (and didn't understand when I saw @0xabad1dea 's original post): why would crims target out-of-work developers, who are more tech-savvy than most people, probably don't have much money just now, and don't have access to company codebases?
@CppGuy @mushu most people applying to non-entry-level programming jobs are not out of work, the industry is notorious for requiring job hopping every two years as the only way to get a raise...
additionally, many of these fake job openings are specifically in cryptocoins/gambling/etc and people applying to them are more likely to have random wallet keys lying around.
-
@mushu I hope you find less adversarial prospective employers!
@freya thanks
If fedi is any measure there are amazing, kind people out there. Some of them even do software. -
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu Did I got it wrong or was this a: "No Backup, No Mercy"-situation? I mean who gives more than strictly limited write access to strangers?
BTW: I got my first it-job as a tester by crashing their system during the interview.
