Fake job interviews target developers with new Python backdoor - eviltoast
  • Socsa@sh.itjust.works
    6 months ago

    Honestly I can see this being the work of someone who had to deal with one of those stupid fucking online interview code tests which require crazy screen monitoring permissions. What better way to kill off that trend entirely than to make the very practice an active cyber-security risk?

    • MotoAsh@lemmy.world
      6 months ago

      Accelerationism is a very difficult thing to defend, though mostly because the evil shits of the world will keep pushing once most people wake up to how shitty everything is. Helping them to make things shitty is quite directly only helping shitheads further their goals.

    • sugar_in_your_tea@sh.itjust.works
      6 months ago

      My company has a strict policy against take home coding challenges. If we want to see you code, we’ll do the challenge live, open book (just tell us what you’re looking up).

      Bad candidates cheat on those tests, and good candidates don’t have the patience, so they’re worthless. If you’re applying for a job and they have a take home coding challenge, your time is probably better spent elsewhere.

  • circuscritic@lemmy.ca
    6 months ago

    They don’t say who was targeted, but I bet this is a backdoor way to infiltrate specific projects. So if they have a list of 163 projects they see a benefit in gaining some sort of access to, they then compile a target list from the relevant developers/contributors to all of those projects, and go from there.

    This isn’t the type of campaign that can be spammed to anyone and everyone both due to logistics and to minimize exposure of the tools being used.

  • fubarx@lemmy.ml
    6 months ago

    A lot of tech people are getting laid off and looking for jobs. This makes them susceptible to social engineering efforts like this.

    In the last two weeks I’ve been getting multiple unsolicited text messages saying they have reviewed my resume and have a job that would be perfect. Of course, there’s a link to follow.

    If I sent someone a message like that, if they DID click on it, that would be an automatic disqualification on grounds of infosec dumbassery.

    Be careful out there.

    • sugar_in_your_tea@sh.itjust.works
      6 months ago

      Huh, that’s an interesting way to potentially vet candidates for a sec job: throw a phishing link into a recruiting email (convincing email, sketchy link). If their email matches an application, reject the candidate. Include info about an actual position in the email, and if they report it, give them an interview.