Cookie

@cookieslayer

I got sophisticatedly phished with a take-home project. Not the usual encoded string in some random js file. To the naked eye completely legit package.json. Turns out that a sub-dependency deep down created a python script in my home folder that in turn spawned tonnes of find commands that were then instructed to curl home upon finding something. 😒