Entry 138-3 Teardown / Data 2 min ↩ back to the timeline

The coding test that was a heist

A freelancer nearly gets robbed by a job interview: a verified LinkedIn recruiter, a real-looking company, a coding challenge to run before the call, and one line of obfuscated code that decodes to an endpoint that would have drained his machine, caught only because he asked an AI to check.

video fuente → Source video thumbnail
Source transmission · “0 to 1 Million” diary

// trace: where this idea came from

The story, shared from the group chat: a freelance developer, normally careful, gets a LinkedIn offer from a recruiter with 1,000+ connections, real posts, real credibility, representing a company with employees and a following ▸ 31:40. The ask is a coding challenge to solve before the interview, a repo to clone and run ▸ 34:00. His habit is to run untrusted code in a VM, but the interview is in half an hour, so he almost skips it ▸ 32:17, “algo le olió raro”, and instead asks an LLM to scan the code for anything fishy ▸ 33:45.

It finds it: one line of innocent-looking numbers that is actually an encoded internet address, decoded on the very next line and used to exfiltrate ▸ 34:44. Run it, and they’d have his machine, his keys, his crypto, “lo hubieran dejado pelado” ▸ 34:31. The payload sat in the middle of legitimate test code, the malicious repo deleted within 24 hours, “robemos a la mayor cantidad de gente y eliminamos la evidencia” ▸ 35:15.

la ingeniería social no hackea el código; hackea tu prisa →

The teardown names the psychology because that’s the real attack surface: authority (a verified profile), urgency (finish fast, the interview’s in an hour), familiarity (a normal coding test), and social proof (a real company with real employees) ▸ 36:00. Each one is designed to make him skip the VM he always uses. And the diary logs the newer vectors on the same theme, prompt injection as the frontier: white-on-white text in an email telling an agentic browser like Comet to grant access ▸ 39:20, or an instruction hidden in an image that only surfaces when the model downscales it to read it ▸ 40:20. His own confession is the point of sharing it: he’s run reviewed-by-eye code plenty of times ▸ 38:32, and the thing that saved this developer wasn’t caution, it was a second reader who doesn’t get rushed…

// continued in

no entry has continued this idea yet: the arc is still open

la lista es el activo →

Continues

One distilled teaching per entry, straight from the video diary. Leave your email and get the next one the day it lands.