This case involves a highly suspicious recruitment scam delivered via LinkedIn DM, with a high-risk verdict. The recruiter shared a coding assessment project that, on closer inspection, contained multiple critical vulnerabilities. Evidence suggests the project was designed for remote code execution (RCE) and secret exfiltration. Specifically, the leaderboard controller in the backend passed remote input to `Function.constructor`, allowing RCE. The resulting function was then passed to `require()`, indicating a potential require injection. Furthermore, the profile service in the backend was configured to exfiltrate all environment variables to an external URL via `axios.post`, a clear indicator of secret theft. Taken together, these signals strongly point to a sophisticated attempt to compromise the recipient's system and steal sensitive information under the guise of a coding assessment.
Hi, we have an exciting opportunity. Please check out this repository for a coding assessment.
Thanks, I will take a look.
Disclaimer: This report is based on community-submitted information and automated analysis. It does not constitute legal advice or a definitive determination of fraud. Named or described entities may contest this report; if you believe this case contains inaccurate information, you may submit a correction or appeal. RTIdx processes takedown and correction requests within 7 days.