Programmers who attend the “interviews” must complete a series of technical tests, including downloading and running code hosted on GitHub, to give the victim the impression that it is a legitimate selection process. What the victim does not yet know is that they are about to run a malicious program that opens a backdoor that collects information and maintains remote access to the infected system.
This fraud relies on a social engineering attack followed by the use of malicious software. The attackers ask the victim to install an NPM package, very common in Python, which once executed launches an obfuscated Java file that downloads additional files from a malicious server.
This trojan keeps the connection to the malicious actor active, collects files and commands from the victim's system, and exfiltrates information to servers controlled by the cybercriminal.
In these cases, it is advisable to be wary of job offers that promise many advantages and that push the “candidate” to accept the “interview” quickly.
Source: Bleeping Computer