Recently, I was targeted by a credential stealer disguised as a take-home coding assessment for a job interview. Instead of running it on my host machine, I audited the repository inside an isolated Debian VM and reverse engineered the attack chain.…