@uint8_t might've been this: https://social.troll.academy/@mushu/115941118741449240

Thanks to @cxiao for highlighting these:

https://www.jamf.com/blog/threat-actors-expand-abuse-of-visual-studio-code/
https://opensourcemalware.com/blog/contagious-interview-vscode

.. I do know that the version of tokenlinux.sh I retrieved also downloads node and executes something with it.

@zedaardv outch - sorry to hear that 🫤

I mean there are some cases where device surveillance makes sense from a compliance perspective, but it should never be a surprise and be clearly documented upfront.

@freya thanks
If fedi is any measure there are amazing, kind people out there. Some of them even do software.

@sol_hsa yeah - I also think it's bigger than a single editor. Jetbrains does it too: https://www.jetbrains.com/help/idea/project-security.html

Not even starting to think about editors that are more 'AI enabled' ^^

@codecat yeah, that's sad indeed.

@temptoetiam hey
yes - I was lucky to detect foul play and happened to be careful.

I found that software would've run that loaded and executed other software. From what I could see the setup in the end was one where my machine would've executed whatever the attackers wanted with user privileges.

I'm not 100% sure what the endgame would've been. Could've gone for ransomware, information stealing, botnets you name it.

@morl99 yes, I agree it could be more explicit. That'd also aid with the step of attackers trying to obfuscate the code execution by adding whitespace in the json.

Sometimes the job interview just wants to gain code exec on your machine:

https://runjak.codes/posts/2026-01-21-adversarial-coding-test/

Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted️