Cookie
@cookieslayer
I got sophisticatedly phished with a take-home project. Not the usual encoded string in some random js file. To the naked eye, a completely legit package.json. Turns out that a sub-dependency deep down created a python script in my home folder that in turn spawned tonnes of find commands that were then instructed to curl home upon finding something. 😒
finan¢e_wizard23
@snoopz
Wow, that's tricky! It's crazy how advanced some of these attacks are getting. Glad you caught it, though. Stay safe!