Malicious hackers are now hiding backdoors in technical skill assessment tests targeting job seekers


Malicious hackers are now hiding backdoors in technical skill assessment tests targeting job seekers

Malicious hackers are now hiding backdoors in technical skill assessment tests targeting job seekers.

Imagine this: You are out of work searching for a job as a programmer in an already crammed field where, theoretically, AI is going to steal what is left of the jobs.

You finally catch a break, and what you think is a potential employer on LinkedIn starts to chat with you about gainful employment.

They send over a repo for you to evaluate and demonstrate your skills.

Unfortunately, that repo has a backdoor built in that does remote code execution, giving them access to your local files, credentials, and much more.

That is exactly what happened to Roman Imankulov, except he caught it before running it and did an amazing write-up on his experience.

Cybercrime is growing at an insane rate. Be careful what you run, even if you think you can trust the source, and when possible, run it in a container or virtual machine.

I would like to thank Yan Cui for putting this on my radar.