A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).
  • @SocsaEnglish
    312 months ago

    Honestly I can see this being the worlk of someone who had to deal with one of those stupid fucking online interview code tests which require crazy screen monitoring permissions. What a better way to kill off that trend entirely than to make the very practice an active cyber-security risk?

    • @[email protected]English
      52 months ago

      Accelerationism is a very difficult thing to defend, though mostly because the evil shits of the world will keep pushing once most people wake up to how shitty everything is. Helping them to make things shitty is quite directly only helping shitheads further their goals.

    • @sugar_in_your_teaEnglish
      32 months ago

      My company has a strict policy against take home coding challenges. If we want to see you code, we’ll do the challenge live, open book (just tell us what you’re looking up).

      Bad candidates cheat on those tests, and good candidates don’t have the patience, so they’re worthless. If you’re applying for a job and they have a take home coding challenge, your time is probably better spent elsewhere.

    • @HackerJoeEnglish
      22 months ago

      Shit like that would run in a VM. At 640x480 in 16 colors with the max font size and cursor trails.

  • circuscriticEnglish
    72 months ago

    They don’t say who was targeted, but I bet this is a backdoor way to infiltrate specific projects. So if they have a list of 163 projects they see a benefit in gaining some sort of access to, they then compile a target list from the relevant developers/contributors to all of those projects, and go from there.

    This isn’t the type of campaign that can be spammed to anyone and everyone both due to logistics and to minimize exposure of the tools being used.

  • @[email protected]English
    42 months ago

    Job finding is getting abstract to this point. Imagine to having an interview only to get a RAT.

  • @[email protected]English
    32 months ago

    A lot of tech people are getting laid off and looking for jobs. This makes them susceptible to social engineering efforts like this.

    In the last two weeks I’ve been getting multiple unsolicited text messages saying they have reviewed my resume and have a job that would be perfect. Of course, there’s a link to follow.

    If I sent someone a message like that, if they DID click on it, that would be an automatic disqualification on grounds of infosec dumbassery.

    Be careful out there.

    • @sugar_in_your_teaEnglish
      22 months ago

      Huh, that’s an interesting way to potentially vet candidates for a sec job: throw a phishing link into a recruiting email (convincing email, sketchy link). If their email matches an application, reject the candidate. Include info about an actual position in the email, and if they report it, give them an interview.