WARNING: Branches in this repository contain snapshots of repositories reported as potentially malicious. DO NOT EXECUTE any code from case/* branches.
This repository is the evidence vault for RTIdx — a scam detection platform that analyzes suspicious job recruitment interactions and the repositories they link to.
When a user reports a suspicious recruitment attempt with a repository URL, the RTIdx worker:
- Scans the repository for malicious patterns (obfuscation, data exfiltration, crypto wallet harvesting, etc.)
- Generates a risk verdict with confidence score
- Mirrors the repository here as an orphan branch for evidence preservation and research
- `master` — this README and security docs
- `case/{uuid}` — each branch is an isolated, full-history mirror of a reported repository
Each case/* branch preserves the complete git history of the source repository at the time it was reported, including all commits, authors, and timestamps.
This data is used for:
- LLM training — teaching models to detect malicious code patterns in recruitment scam repos
- Pattern analysis — identifying reusable templates and infrastructure across scam campaigns
- Feature engineering — extracting signals for the RTIdx scoring engine
| Campaign | Malware family | Technique |
|---|---|---|
| Contagious Interview | BeaverTail / InvisibleFerret | npm postinstall → wallet drain |
| Fake Assessment | Various | eval() + base64 obfuscation |
| Crypto Wallet Drain | Custom | Web3 credential harvesting |
| Credential Harvester | Custom | Hardcoded Supabase/Firebase creds |
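
A minimal static triage for two of the techniques in the table (npm install hooks, and eval() combined with base64 decoding), added here as an example; it is not the RTIdx worker's code, and `scan_files`, the finding labels and the sample files are constructed for illustration. It reads file contents as text only and executes nothing from the scanned repository.

```python
import json
import re

# npm lifecycle hooks that run automatically during `npm install`
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Dynamic execution and base64 decoding primitives in JavaScript source
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(")
B64_DECODE = re.compile(r"\batob\s*\(|Buffer\.from\s*\([^)]*,\s*['\"]base64['\"]")


def scan_files(files):
    """Statically scan {path: text}. Returns sorted (path, finding) pairs."""
    findings = []
    for path, text in files.items():
        if path.endswith("package.json"):
            try:
                scripts = json.loads(text).get("scripts", {})
            except (json.JSONDecodeError, AttributeError):
                findings.append((path, "unparseable-manifest"))
                continue
            if not isinstance(scripts, dict):
                scripts = {}
            for hook in INSTALL_HOOKS:
                if hook in scripts:
                    findings.append((path, f"install-hook:{hook}"))
        elif path.endswith((".js", ".cjs", ".mjs", ".ts")):
            has_exec = DYNAMIC_EXEC.search(text)
            has_b64 = B64_DECODE.search(text)
            if has_exec and has_b64:
                findings.append((path, "eval+base64"))
            elif has_exec:
                findings.append((path, "dynamic-exec"))
    return sorted(findings)


# Constructed sample input (hypothetical file names and contents)
SAMPLE = {
    "package.json": '{"name": "demo", "scripts": {"postinstall": "node setup.js", "test": "jest"}}',
    "setup.js": "eval(Buffer.from(blob, 'base64').toString());",
    "src/index.js": "module.exports = (a, b) => a + b;",
}

if __name__ == "__main__":
    for path, finding in scan_files(SAMPLE):
        print(f"{path}: {finding}")
```
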
Analysis methodology is informed by:
- Anatomy of a Developer Recruitment Scam (Pruteanu)
- Inside the Scam: North Korea IT Worker Threat (Recorded Future)
- Anansi: Scalable Characterization of Message-Based Job Scams (arXiv)
- Job Scam Social Media Study (Heimdal Security)
The snapshots in case/* branches are preserved for security research purposes under fair use. Original code ownership belongs to the respective authors. This repository does not claim ownership of mirrored content.
Maintained by: defdone

Part of: RTIdx Project