Sometimes the job interview just wants to gain code exec on your machine.

Lobsters is a community-driven platform for sharing and discussing links to articles, tutorials, and projects related to technology and programming. Readers can learn about a wide range of topics, from software development and system administration to cybersecurity and artificial intelligence. With user submissions, comments, and voting, Lobsters provides a platform for collaborative learning and knowledge sharing among technology enthusiasts.

Lobsters

A developer discovered a malicious coding test during a job interview process. The repository contained VSCode tasks that executed remote shell scripts, downloading and running malware on the candidate's machine. The attack used multiple Vercel-hosted domains to fetch and execute scripts with JWT tokens. The author investigated the attack chain, reported it to GitHub and Vercel, and the malicious organization was subsequently deleted. This serves as a warning about adversarial hiring practices that attempt to compromise candidates' systems.

runjak.codes: An adversarial coding test