Threat intelligence & analysis.

Deep-dive technical reports, methodology notes, and field articles on recruitment scams, malicious repositories, and software supply chain threats — grounded in evidence, built for practitioners and researchers.

Ethos Lab publication · Feb 2026

Anansi: scalable characterization of message-based job scams.

Abisheka Pitumpe, Amir Rahmati · Stony Brook University

A scalable pipeline for characterizing recruitment-based fraud campaigns at the message level. Defines the indicator taxonomy and false-positive baselines RTIdx’s rule engine inherits.

Jun 2, 2026·22 min read

From Fake Job Offer to Full Environment Compromise: Anatomy of the Contagious Interview Campaign

We analyzed six independently reported repositories — all disguised as legitimate Web3 coding assignments — and found a single, highly mature malware framework targeting developer environments through npm lifecycle hooks. This is the technical breakdown.

Malware AnalysisSupply Chainnpm SecurityContagious Interview
Jun 1, 2026·10 min read

Developer Workflows Are Now a Hiring Attack Surface

The scam does not end with a fake job. The fake job is the delivery mechanism. In the "contagious interview" pattern, attackers use a hiring conversation to move a developer into a trusted workflow.

Supply chainDeveloper Security
Jun 1, 2026·10 min read

Job Scam Reports Should Become Community Threat Intelligence

One person receives a suspicious recruiter message. Another gets a nearly identical pitch two weeks later. A third is sent a repository with the same hidden behavior under a different company name. A fourth sees a cloned profile using a new photo but the same script. Individually, each case may look ambiguous. Together, they can reveal a campaign.

MethodologyCommunity
Jun 1, 2026·8 min read

When Your Company Name Becomes the Lure

Most discussions about fake recruiter scams focus on the candidate. That is understandable. The candidate is the person being manipulated, and in many cases the person whose machine, wallet, or credentials are compromised. But there is another victim in these campaigns: the impersonated company.

Brand protectionImpersonation
Jun 1, 2026·7 min read

A Safer Coding Test

Coding tests are not going away, and they do not need to. But the way they are shared, verified, and executed needs to change. A technical assessment should measure skill without asking candidates to take unnecessary security risks on their own machines.

Hiring practicesSafe execution

Have research, a case study, or a methodology note?

We publish guest field notes from practitioners and academic researchers. Reach out and we’ll work with you on framing and review.