I got sophisticatedly fished with a take home project.  
Not the usual encoded string in some random js file. To the naked eye completely legit package.json. Turns out that a sub dependency deep down created a python script in my home folder that in turn spawned tonnes of find commands that were then instructed to curl home upon finding something. 😒

It's embarrassing as fuck thou and a couple of people reached out asking how I could be so dumb to run a repo someone sent on LinkedIn. Thing is... We had so many common people in our secondary network, people I've met IRL. Some I would call friends. 

I'm going to go through my own LinkedIn network and prune. I know I've accepted connections just because their profile looked "legit". No more!

Be careful out there.

To my fellow devs, if you're sent a random repo as a take home test and you're going to ignore it... Please send it over!

I want to continue my investigations and up the counterattacking.

I lost my shit, obviously, seeing the command in btop.

TLDR; nothing was compromised. I counterattacked by sending them lots of legit looking data. As the evening grew longer I grew more pissed, so I nuked the server by streaming huge amounts of random bytes at them. +1 to Cookie.

Wow, that's tricky! It's crazy how advanced some of these attacks are getting. Glad you caught it, though. Stay safe!