#ContagiousInterview — Search

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

This April 14th: We'll be teaming up with DCSO to discuss the phenomenon of DPRK IT worker activities and what emerging developments security teams need to watch for now. Register here: hubs.ly/Q048CqHz0 #dprk #cybersec #contagiousinterview #webinar #ghosthires

199

Autumn Good @autumn_good_35 · 1d

『Since at least mid-2025, NICKEL ALLEY has used ClickFix to deliver PyLangGhost RAT.』 #ContagiousInterview NICKEL ALLEY strategy: Fake it ‘til you make it | SOPHOS sophos.com/en-us/blog/nic…

220

lazarusholic @lazarusholic · 4d

"NICKEL ALLEY strategy: Fake it ‘til you make it" published by @Secureworks. #NickelAlley, #ClickFix, #ContagiousInterview, #PylangGhost, #DPRK, #CTI sophos.com/en-us/blog/nic…

487

lazarusholic @lazarusholic · Mar 19

"Contagious Interview Campaign: Independent Analysis of the StegaBin Wave" published by SerapHim. #ContagiousInterview, #FamousChollima, #StegaBin, #DPRK, #CTI github.com/seraphimdeck/S…

SerapHim-CTI/CTI-001-StegaBinWave.pdf at main · seraphimdeck/SerapHim-CTI

A collection of independent CTI reports covering active threat campaigns and attacker TTPs. - seraphimdeck/SerapHim-CTI

From github.com

336

lazarusholic @lazarusholic · Mar 18

"StoatWaffle, malware used by WaterPlum" published by @NTTSH_JP. #ContagiousInterview, #StoatWaffle, #VSCode, #WaterPlum, #DPRK, #CTI jp.security.ntt/insights_resou…

StoatWaffle, malware used by WaterPlum | セキュリティナレッジ | NTTセキュリティ・ジャパン株式会社

In this blog post, we share our analysis of the StoatWaffle malware newly adopted by WaterPlum

From jp.security.ntt

461

lazarusholic @lazarusholic · Mar 18

"WaterPlumが使用するマルウェアStoatWaffleについて" published by @NTTSH_JP. #ContagiousInterview, #StoatWaffle, #VSCode, #WaterPlum, #DPRK, #CTI jp.security.ntt/insights_resou…

WaterPlumが使用するマルウェアStoatWaffleについて | セキュリティナレッジ | NTTセキュリティ・ジャパン株式会社

本稿では、WaterPlumが新たに使い始めたStoatWaffleマルウェアについて、解析結果を共有します。

From jp.security.ntt

223

NTTセキュリティ @NTTSH_JP · Mar 17

NTT Security Japan published a blog post “StoatWaffle, malware used by WaterPlum”. We investigated StoatWaffle, a new malware that has recently begun to be used in the Contagious Interview campaign. jp.security.ntt/insights_resou… #DPRK #WaterPlum #ContagiousInterview #StoatWaffle

StoatWaffle, malware used by WaterPlum | セキュリティナレッジ | NTTセキュリティ・ジャパン株式会社

In this blog post, we share our analysis of the StoatWaffle malware newly adopted by WaterPlum

From jp.security.ntt

2.2K

NTTセキュリティ @NTTSH_JP · Mar 17

ブログにて「WaterPlumが使用するマルウェアStoatWaffleについて」を公開しました。 Contagious Interviewキャンペーンにおいて、新たに使用され始めたStoatWaffleについて調査しました。 jp.security.ntt/insights_resou… #DPRK #WaterPlum #ContagiousInterview #StoatWaffle

WaterPlumが使用するマルウェアStoatWaffleについて | セキュリティナレッジ | NTTセキュリティ・ジャパン株式会社

本稿では、WaterPlumが新たに使い始めたStoatWaffleマルウェアについて、解析結果を共有します。

From jp.security.ntt

2.6K

lazarusholic @lazarusholic · Mar 13

"Contagious Interview: Malware delivered through fake developer job interviews" published by @MsftSecIntel. #ContagiousInterview, #InvisibleFerret, #OtterCookie, #VSCode, #DPRK, #CTI microsoft.com/en-us/security…

Contagious Interview: Malware delivered through fake developer job interviews | Microsoft Security...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and Flexib...

From microsoft.com

523

lazarusholic @lazarusholic · Mar 11

"North Korea Tried to Hack Our CEO Through a Fake Job Interview on LinkedIn" published by Allsecure. #BeaverTail, #ContagiousInterview, #Lazarus, #VSCode, #DPRK, #CTI allsecure.io/blog/lazarus-l…

North Korea Tried to Hack Our CEO Through a Fake Job Interview on LinkedIn

AllSecure's CEO was personally targeted by North Korea's Lazarus Group via LinkedIn with a fake job interview. Instead of falling for it, he trapped them — and reverse-engineered every stage of their...

From allsecure.io

754

lazarusholic @lazarusholic · Mar 10

"Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains Part 2" published by AbstractSecurity. #ContagiousInterview, #VSCode, #GolangGhost, #PylangGhost, #DPRK, #CTI abstract.security/blog/contagiou…

Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains Part 2 | Abstract...

Analysis of the Contagious Interview campaign’s WeaselStore malware chain, including PylangGhost and GolangGhost deployment techniques, VS Code task abuse, and practical detection and mitigation...

From abstract.security

545

Gray Hats @the_yellow_fall · Mar 10

A fake LinkedIn recruiter and a poisoned GitHub repo: See how a CEO uncovered the North Korean "Contagious Interview" malware targeting Web3 developers. #ContagiousInterview #NorthKoreanMalware #CyberSecurity #Web3Security #SocialEngineering #InfoSec securityonline.info/the-contagious…

226

Red Asgard @_redasgard · Mar 8

On February 19 a Lazarus operator logged into his VPS. He didn’t know we had already mounted the disk through rescue mode... redasgard.com/blog/hunting-l… #lazarus #ContagiousInterview #threatintel #huntinglazarus #redasgard #malware #malwareanalysis

lazarusholic @lazarusholic · Mar 3

"StegaBin: 26 Malicious npm Packages Use Pastebin Steganograp..." published by @SocketSecurity. #ContagiousInterview, #FamousChollima, #NPM, #Steganography, #DPRK, #CTI socket.dev/blog/stegabin-…

StegaBin: 26 Malicious npm Packages Use Pastebin Steganograp...

Socket uncovered 26 malicious npm packages tied to North Korea's Contagious Interview campaign, retrieving a live 9-module infostealer and RAT from th...

From socket.dev

806

lazarusholic @lazarusholic · Mar 3

"Contagious Interview Campaign Abusing VSCode Distributed on Github" published by @ENKI_official_X. #ContagiousInterview, #VSCode, #DPRK, #CTI enki.co.kr/en/media-cente…

598

lazarusholic @lazarusholic · Feb 27

"Github를 통해 유포된 VSCode 악용 Contagious Interview 캠페인" published by @ENKI_official_X. #ContagiousInterview, #VSCode, #DPRK, #CTI enki.co.kr/media-center/b…

496

Red Secure Tech Ltd. @redsecuretech · Feb 26

North Korea-linked actors use malicious Next.js repos and VS Code tasks in Contagious Interview campaign. redsecuretech.co.uk/blog/post/nort… #CyberSecurity #NorthKorea #ContagiousInterview #Malware #DeveloperSecurity #SupplyChainAttack #VSCode #NextJS #InfoSec #ThreatIntel

lazarusholic @lazarusholic · Feb 25

"Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains - Part 1" published by AbstractSecurity. #ContagiousInterview, #VSCode, #DPRK, #CTI abstract.security/blog/contagiou…

Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains - Part 1 | Abstract...

ASTRO tracks fresh Contagious Interview evolutions: shortened URLs masking Vercel infrastructure, NVIDIA-impersonating GitHub Gists, and Google Drive payload delivery with a virus-scan bypass....

From abstract.security

484

lazarusholic @lazarusholic · Feb 24

"GitLab doxxes North Korea .gov hackers; fresh Ivanti zero-days; AI addiction and human purpose" published by @ryanaraine. #ContagiousInterview, #ITWorker, #DPRK, #CTI securityconversations.com/episode/gitlab…

GitLab doxxes North Korea .gov hackers; fresh Ivanti zero-days; AI addiction and human purpose -...

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds […]

From securityconversations.com

Gray Hats @the_yellow_fall · Feb 24

GitLab reveals how North Korean fake IT workers use 'Contagious Interview' scams to bypass hiring, steal data, and hijack executive digital identities. #ContagiousInterview #NorthKorea #CyberSecurity #InsiderThreat #FakeITWorkers #GitLab #InfoSec securityonline.info/hired-to-hack-…

Hired to Hack: North Korean Fake IT Workers Hijack Exec Identities in 'Contagious Interview' Scams

GitLab reveals how North Korean fake IT workers use 'Contagious Interview' scams to bypass hiring, steal data, and hijack executive digital identities.

From securityonline.info

350