Fake Job Interviews Are Installing Backdoors on Developer Machines

25 points by juliethefoxcoon 8 hours ago on lobsters | 3 comments

rnb37 | 6 hours ago

A simple rule of thumb is to not do any interviews on your local machine and be wary of interview processes that ask you to do this.

thasso | 3 hours ago

What exactly do you mean by doing interviews on the local machine? I was once asked to write code in a google doc for some reason. Would have much preferred streaming my text editor. Also is there the threat model assuming you know the company is legit?

duncan_bayne | 6 hours ago

I had one of these recently - still need to write about it. Wasn't a job interview but pivoted to an "I can build a local team to do that" conversation. Was sufficiently wary to run the proffered code in a VM with no secrets; very glad I did.

I then spent some time pretending I couldn't make it work, and sending them DOS and Windows 3.1 screenshots until they cottoned on :)