Sign up to save your podcasts
Or
Share The Repository That Called Home: Lazarus, Fake Interviews, and Malicious Code
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Repository That Called Home: Lazarus, Fake Interviews, and Malicious Code
Episode 2 of The Fake Interview follows the first repository: a fake software project delivered through a job interview that behaved like real work until the moment it called home.
We examine how a malicious coding test abused normal developer behavior: opening a project, trusting a workspace, installing dependencies, running local code, and debugging what looked like a broken app.
This episode covers:
- DPRK-linked fake interview activity
- malicious GitHub / contractor repositories
- VSCode and Cursor workspace trust abuse
- run-on-folder-open execution
- Function.constructor abuse in JavaScript
- Vercel-hosted stage-one infrastructure
- payload delivery and command-and-control routing
- why developer machines are high-value targets
Companion notes:
https://podcast.redasgard.com/pages/companion-technical-notes-episode-02-the-repository-that-called-home
View all episodes
By Red AsgardEpisode 2 of The Fake Interview follows the first repository: a fake software project delivered through a job interview that behaved like real work until the moment it called home.
We examine how a malicious coding test abused normal developer behavior: opening a project, trusting a workspace, installing dependencies, running local code, and debugging what looked like a broken app.
This episode covers:
- DPRK-linked fake interview activity
- malicious GitHub / contractor repositories
- VSCode and Cursor workspace trust abuse
- run-on-folder-open execution
- Function.constructor abuse in JavaScript
- Vercel-hosted stage-one infrastructure
- payload delivery and command-and-control routing
- why developer machines are high-value targets
Companion notes:
https://podcast.redasgard.com/pages/companion-technical-notes-episode-02-the-repository-that-called-home