PODCAST · technology
The Fake Interview
by Red Asgard
The Fake Interview is a narrative security investigation about how a fake coding interview became a global credential-theft operation.Across the series, valh4x and Red Asgard Security Research trace a DPRK-linked, Lazarus-attributed campaign from malicious developer repositories to exposed command-and-control infrastructure, blockchain dead drops, malware payloads, operator mistakes, victim data, and the uncomfortable question every threat hunter eventually faces: who is watching whom?This show is built for security researchers, developers, threat intelligence teams, Web3 engineers, and anyone who wants to understand how modern social-engineering operations actually work.Topics include fake recruiter personas, malicious coding tests, developer compromise, C2 infrastructure, malware analysis, credential theft, blockchain abuse, OPSEC failures, and the defender lessons learned from following the evidence.Attribution is handled carefully
-
1
The Repository That Called Home: Lazarus, Fake Interviews, and Malicious Code
Episode 2 of The Fake Interview follows the first repository: a fake software project delivered through a job interview that behaved like real work until the moment it called home.We examine how a malicious coding test abused normal developer behavior: opening a project, trusting a workspace, installing dependencies, running local code, and debugging what looked like a broken app.This episode covers:- DPRK-linked fake interview activity- malicious GitHub / contractor repositories- VSCode and Cursor workspace trust abuse- run-on-folder-open execution- Function.constructor abuse in JavaScript- Vercel-hosted stage-one infrastructure- payload delivery and command-and-control routing- why developer machines are high-value targetsCompanion notes:https://podcast.redasgard.com/pages/companion-technical-notes-episode-02-the-repository-that-called-home
-
0
Real Blood on the Wire: How a Fake Coding Interview Exposed Lazarus Credential Theft
In this episode of The Fake Interview, we investigate how a fake coding interview became a credential theft operation targeting software developers, Web3 engineers, and cryptocurrency workers.Topics covered:- Lazarus / DPRK-linked Contagious Interview activity- malicious coding tests- developer workstation compromise- credential theft- malware infrastructure- threat intelligence lessons for security teamsCompanion notes:https://podcast.redasgard.com/pages/companion-technical-notes-episode-1-real-blood-on-the-wire
No matches for "" in this podcast's transcripts.
No topics indexed yet for this podcast.
Loading reviews...
ABOUT THIS SHOW
The Fake Interview is a narrative security investigation about how a fake coding interview became a global credential-theft operation.Across the series, valh4x and Red Asgard Security Research trace a DPRK-linked, Lazarus-attributed campaign from malicious developer repositories to exposed command-and-control infrastructure, blockchain dead drops, malware payloads, operator mistakes, victim data, and the uncomfortable question every threat hunter eventually faces: who is watching whom?This show is built for security researchers, developers, threat intelligence teams, Web3 engineers, and anyone who wants to understand how modern social-engineering operations actually work.Topics include fake recruiter personas, malicious coding tests, developer compromise, C2 infrastructure, malware analysis, credential theft, blockchain abuse, OPSEC failures, and the defender lessons learned from following the evidence.Attribution is handled carefully
HOSTED BY
Red Asgard
CATEGORIES
Loading similar podcasts...
URL copied to clipboard!