"OtterCandy, malware used by WaterPlum" published by @NTTSH_JP. #ContagiousInterview, #OtterCandy, #WaterPlum, #DPRK, #CTI

NTT Security Japan published a blog post "OtterCookie, new malware used in Contagious Interview campaign", translation of “Contagious Interviewが使用する新たなマルウェアOtterCookieについて”. https://t.co/MrNeGzjoQs #DPRK #ContagiousInterview #OtterCookie

"Inside DPRK's Fake Job Platform Targeting U.S. AI Talent" published by @ValidinLLC. #ClickFix, #ContagiousInterview, #DPRK, #CTI

"Beyond eval(): DPRK’s New Malware Strategy Hidden in Job Assignments" published by @KL4R10N. #ContagiousInterview, #NPM, #DPRK, #CTI

"Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery" published by @NVISOSecurity. #ContagiousInterview, #InvisibleFerret, #DPRK, #CTI

"Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks" published by @SocketSecurity. #ContagiousInterview, #NPM, #OtterCookie, #DPRK, #CTI

"Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader" published by @SocketSecurity. #ContagiousInterview, #NPM, #XORIndex, #DPRK, #CTI

"WaterPlumが使用するマルウェアOtterCandyについて" published by @NTTSH_JP. #ContagiousInterview, #OtterCandy, #WaterPlum, #DPRK, #CTI

"Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages" published by @SocketSecurity. #BeaverTail, #ContagiousInterview, #HexEval, #NPM, #DPRK, #CTI

"Additional Features of OtterCookie Malware Used by WaterPlum" published by @NTTSH_JP. #OtterCookie, #WaterPlum, #ContagiousInterview, #DPRK, #CTI

"North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms" published by @LabsSentinel. #ClickFix, #ContagiousInterview, #DPRK, #CTI

Now that the cat is out of the bag regarding the use of front companies like BlockNovas LLC (blocknovas[.]com) in DPRK-linked #ContagiousInterview campaigns. We thought we'd share our overview of network telemetry surrounding this particular activity.

"Latest Contagious Interview malware campaign abuses Microsoft VSCode Tasks" published by OSM. #ContagiousInterview, #Lazarus, #DPRK, #CTI

NTT Security Japan published a blog post "Additional Features of OtterCookie Malware Used by WaterPlum", translation of “ WaterPlumが使用するマルウェアOtterCookieの機能追加”. https://t.co/CXCnMR86vi #DPRK #ContagiousInterview

"Lazarus Group Attacks in 2025: Overview for SOC Teams" published by @anyrun_app. #ContagiousInterview, #ITWorker, #InvisibleFerret, #Lazarus, #OtterCookie, #PylangGhost, #DPRK, #CTI

North Korean hackers shift tactics again, hiding payloads in JSON services to trick developers into running malicious projects. https://t.co/YSZhwtNy4f #CyberSecurity #ThreatIntel #ContagiousInterview #NorthKorea #MalwareOps #SoftwareSupplyChain #DeveloperSecurity

North Korean threat actors are using the #ContagiousInterview and #WageMole campaigns to secure remote jobs in the West, bypassing sanctions with stolen data. ThreatLabz researchers have identified obfuscation enhancements, new Windows & macOS package formats, and over 100

@AzakaSekai_ @1ZRR4H I believe it is ContagiousInterview. The first part is similar to the OtterCookie first stage described here: https://t.co/LqhVxnBmOk, payload is a newer version of BeaverTail.

🔥 Hot summer, sizzling crypto... and scammers turning up the heat 🔥 Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.

『With the unique fingerprint, we identified 77 malicious GitHub repositories that are active as of November 28, 2025.』 #ContagiousInterview Unmasking a new DPRK Front Company DredSoftLabs https://t.co/hvpZJskLRr