Security researchers have uncovered an evolved North Korean-linked malware campaign called Contagious Interview that uses JSON storage services to host malicious code. The attackers target software developers and Web3 professionals through spoofed recruiter messages and deliver payloads like BeaverTail and InvisibleFerret for credential theft and remote access.
Key points
- The Contagious Interview campaign is attributed to North Korean (DPRK) threat actors targeting developers and Web3 professionals.
- The attackers impersonate recruiters to lure victims into downloading malicious projects from platforms like GitLab.
- The malware payloads, including BeaverTail and InvisibleFerret, are hosted on legitimate JSON storage services to evade detection.
- BeaverTail steals credentials, crypto wallets, and system data, then downloads further malware stages like RATs for remote control.
- The campaign demonstrates sophisticated use of cloud and URL services for stealth and wide-reaching targeting of software developers.