Sometimes the job interview just wants to gain code exec on your machine:
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted
️@mushu That's called dodging a bullet
-
@mushu Chripes, that sounds like a major misfeature in vscode.
@sol_hsa yeah - I also think it's bigger than a single editor. Jetbrains does it too: https://www.jetbrains.com/help/idea/project-security.html
Not even starting to think about editors that are more 'AI enabled' ^^
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu Maybe the real coding challenge was getting their repos deleted and now they'll offer you a job as their head of cyber security?
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu I hope you find less adversarial prospective employers!
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️Something I still don't understand (and didn't understand when I saw @0xabad1dea 's original post): why would crims target out-of-work developers, who are more tech-savvy than most people, probably don't have much money just now, and don't have access to company codebases?
-
Something I still don't understand (and didn't understand when I saw @0xabad1dea 's original post): why would crims target out-of-work developers, who are more tech-savvy than most people, probably don't have much money just now, and don't have access to company codebases?
@CppGuy @mushu most people applying to non-entry-level programming jobs are not out of work, the industry is notorious for requiring job hopping every two years as the only way to get a raise...
additionally, many of these fake job openings are specifically in cryptocoins/gambling/etc and people applying to them are more likely to have random wallet keys lying around.
-
@mushu I hope you find less adversarial prospective employers!
@freya thanks
If fedi is any measure there are amazing, kind people out there. Some of them even do software. -
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu Did I got it wrong or was this a: "No Backup, No Mercy"-situation? I mean who gives more than strictly limited write access to strangers?
BTW: I got my first it-job as a tester by crashing their system during the interview. -
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu I wonder if anyone has made something that intentionally looks interesting to corporations that might be looking to steal code and ignore its license and added a
.vscode/tasks.jsonthat plays a really loud fart sound when executed -
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu
Wow, reading these comments made me remember this job I had briefly (over 15 years ago) in Stockholm.I had a mac laptop, my work laptop was also a mac. And I was working with Postgres.
I had the job for about 2 weeks before they let me go.
I noticed at some point that they had installed a root-kit on my computer.
(the were a sports betting company) -
@mushu
Wow, reading these comments made me remember this job I had briefly (over 15 years ago) in Stockholm.I had a mac laptop, my work laptop was also a mac. And I was working with Postgres.
I had the job for about 2 weeks before they let me go.
I noticed at some point that they had installed a root-kit on my computer.
(the were a sports betting company)@zedaardv outch - sorry to hear that 🫤
I mean there are some cases where device surveillance makes sense from a compliance perspective, but it should never be a surprise and be clearly documented upfront.
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu I wonder what the payload script contained
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️@mushu okay, why does she even HAVE that lever?
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️ -
@joshix @mushu interesting, I have never felt the need for this: https://www.jetbrains.com/help/idea/settings-tools-startup-tasks.html
Maybe something for other ecosystems...
-
Something I still don't understand (and didn't understand when I saw @0xabad1dea 's original post): why would crims target out-of-work developers, who are more tech-savvy than most people, probably don't have much money just now, and don't have access to company codebases?
@CppGuy maybe they hope the victims own some more popular repository or a package on something like npm so they can then infect developers who do have access to company stuff and have money. @mushu @0xabad1dea
-
Sometimes the job interview just wants to gain code exec on your machine:
https://runjak.codes/posts/2026-01-21-adversarial-coding-test/
Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️Thanks to @cxiao for highlighting these:
https://www.jamf.com/blog/threat-actors-expand-abuse-of-visual-studio-code/
https://opensourcemalware.com/blog/contagious-interview-vscode.. I do know that the version of tokenlinux.sh I retrieved also downloads node and executes something with it.
-
@mushu I wonder what the payload script contained
@uint8_t might've been this: https://social.troll.academy/@mushu/115941118741449240
-
Thanks to @cxiao for highlighting these:
https://www.jamf.com/blog/threat-actors-expand-abuse-of-visual-studio-code/
https://opensourcemalware.com/blog/contagious-interview-vscode.. I do know that the version of tokenlinux.sh I retrieved also downloads node and executes something with it.
@mushu np, glad it didn't get you in this case and thanks for writing it up to warn others!
-
@zedaardv outch - sorry to hear that 🫤
I mean there are some cases where device surveillance makes sense from a compliance perspective, but it should never be a surprise and be clearly documented upfront.
@mushu Yeah, it was a weird place.
They wouldn't tell me what they wanted me to do, then got mad at me when I didn't do it.
Like I was supposed to be a mind reader.
