Strange. When I shared the permalink of this Lemmy post on Discord, it embedded the wrong title and thumbnail…

“After 30 Years, Linux Finally Hits 3% Market Share”

For anyone who’s brain is stuck in QA mode, they mean “coding skills test,” not some tool to test code.

I read the entire article with the wrong paradigm and got confused when I didn’t see the vector for infection.

the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware. Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present.

So, a supply chain attack or they’re sending you code to run?

This is a good time to refer to PEP 668 which enforces virtual environments for non-system wide Python installs.

Virtual environments are not isolated sandboxes. This is not a security feature. Do not expect any kind of safety by running things in a venv.