Fake Job Interviews Are Installing Backdoors on Developer Machines
Microsoft warns of a phishing campaign targeting developers with fake Next.js job assessments. The attack uses VS Code workspace automation, npm build tasks, and backend scripts to install backdoors and exfiltrate credentials. Attackers leverage social engineering to compromise developer machines, gaining access to cloud secrets, tokens, and source code.
Summaries are AI-generated to help you scan faster. Open the original source for full context.