Fake job interviews target developers with new Python backdoor
Fake job interviews target developers with new Python backdoor
A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).
It's like they want me to give up finding a job when half the job interviews are fucking scams.
"nObOdY wAnTs tO wOrK aNyMoRe"
Yeah, I was pretty skeptical with my current job:
- Recruiter contacted me, I didn't contact them
- Interview done by Indians, full remote
- I had never heard of the company
But everything checked out, and I love the job. It's not a tech company, but it has the best parts of one (proper AGILE processes, separated QA, dev, and devOPs roles, modem tech stack, etc).
So be careful of scams, but not so careful you miss out on great opportunities.
It's sad that this works. You'd think especially software professionals would be the most vigilant about running unknown code.
Professionals in software development do not mean professionals in cyber security.
Same way you don't expect a geologist to be a mason
That's a bad take. Unless you get your knowledge purely from shady tutorials or have a fast track bootcamp education, it's unlikely you never touch on security basics.
I'm a software design undergrad and had to take IT Sec classes. Other profs also touched on how to safely handle dependencies and such.
While IT Security is its own specialisation, blindly trusting source code others provide you with is something a good programmer shouldn't do.
If you need a metaphor: Just because a woodworker specialises in tables, doesn't mean they can't build a chair.
Edit: Seems like my take is the bad one 😂
Just another reason to not be doing any work before your paid. They can ask questions or do something static.
This is low. Imagine if you're unemployed, doing rounds of job interviews and got hit with this mess.
It would be terrible.